Forrester Research: Gaps in SSH Security Create an Open Door for Attackers


When you consider the elevated, root privileges SSH provides, you would assume that enterprises make SSH keys more secure than simple usernames and passwords, which provide far fewer privileges to critical systems and applications. But this is not the case. In this Technology Adoption Profile (TAP) by Forrester Research, analyst John Kindervag emphasizes, “Two-thirds of IT security professionals do not perform the necessary checks for unauthorized use of SSH keys.”

This negligence of SSH security has consequences. Nearly 50% of survey respondents reported that they had to address security incidents related to the compromise or misuse of SSH keys within the last 24 months—and that’s just based on known security incidents. Many more incidents go undetected.

What can you do to stay more secure and ensure better protection of SSH? Use this Forrester Research TAP to compare your SSH security to that of other organizations. Then close the gaps in your SSH security by applying Forrester’s requirements, including:

  • Centralizing control and visibility
  • Establishing a baseline
  • Rotating keys regularly
  • Continuously monitoring
  • Remediating vulnerabilities
