Interview with the inventor of SSH, Tatu Ylonen, CEO
Today, SSH is one of the most widely used security protocols in the world. Over 3000 global organisations use the data-in-transit solution for moving information, including 7 of the Fortune 10. 90% of the world’s SSH and OpenSSH Unix servers use the file transfer function making SSH the gold-standard security protocol.
While organisations are using a robust security solution that has prevented both internal and external data losses, the runaway success of protocol hides a darker secret. SSH keys, private and public, are used to authenticate when a user, remote service or computer has a right to be logged onto a system. Millions have been created and are in circulation and it is this indiscriminate creation of SHH keys worldwide which has the potential to bring some of the world’s largest organisations to their knees.
Over the years SSH key pairs have been created legitimately by organisations but many remain undeleted with millions left unmanaged. A typical estimate suggests a FTSE company spends over £2million a year managing this overhead.
The problem is ‘real’. Take the example of an individual/contractor that has been issued a set of keys to carry out some maintenance work at an organisation. A hacker could feasibility obtain that key by infiltrating that contractor’s home or work machine [through the user’s home directory]. From there an unauthorised connection to an organisation’s database service gives access to information such as credit card numbers and personal details.
This issue is well-known in the industry and the complexity of the problem has compounded efforts to devise a ‘credible’ fix. SSH Communications, the Finland technology firm, believes it has the answer – a User Key Management Tool, different to IMS [Identity Management System], able to distinguish all types of systems and services.
We are setting up concall pre-briefings commencing, 12 Mar 2012 with the inventor of SSH, Tatu Ylönen, CEO of SSH Comunications to discuss why this situation haunts the world’s leading CSO/CIOs and the solution - the User Key Management tool.
Tatu will cover:
- The mass adoption of SSH – a victim of its own success.
- The abundance of unknown SSH keys still in circulation and the gravity of the problem for organisations.
- The fix – User Key Management and why it is major improvement on current solutions.
- Test-pilot data and feedback from Fortune 10 organisations trialling User Key Management.
- News Release: The SSH User Key Management Tool
- Demonstrations will also be available at Infosec 2012, 24-26 April. More information to follow.