Finnish vendor SSH Communications Security is best known for its Secure Shell (SSH) protocol that is used in millions of computers and servers. Tommi Lampila, SSH's Asia Pacific vice president, speaks to Computerworld Singapore on security trends in the region.
What is the current state of information security for enterprises in Asia?
Traditionally, enterprises have focused on securing their network perimeter, with the perception that they need to protect the internal, trusted network against attacks originating from the untrusted, external network.
Today, we see the perimeter between the internal and external networks degrading, as enterprises become increasingly networked with their partners and customers, move critical operational data to cloud services, see their employees bring their own devices (smartphones, tablets) onto the enterprise networks, and increase the level of outsourcing for the maintenance and housing of enterprise IT infrastructure. We can no longer consider our internal network to be a trusted network, with a hardened shell, within which our data does not need to be protected.
This leads compliance programmes, as well as internal and external auditors, to put more attention into the way enterprises are managing access to critical and sensitive data also within their networks. This has implications for data-in-transit encryption, access control, auditing, authentication key management, and forensics capabilities in the enterprise internal network.
Enterprises need to be able to display that they know who is accessing sensitive business and customer information in their internal network, and that they can effectively limit and manage this access, to ensure accountability for their privileged users.
Certificate theft seems to be a serious problem. What can be done to address this?
We need to examine the controls that the certificate authorities are using to prevent certificate theft. We also need to consider multi-layered security controls, and alternative or multi-factor authentication mechanisms for critical enterprise data streams, so that external certificate theft does not compromise the integrity of these trust relationships.
The SSH protocol uses raw keys for authenticating users, without relying on any certificate authorities. Thus, by default, the protocol is immune to certificate authority forgeries. This is one best practice approach many enterprises use to avoid problems from certificate theft in their IT infrastructure.
What are some of the security challenges that your customers in Asia face?
We are working with large enterprises to improve their capabilities in authentication key management, especially concerning system or functional accounts (i.e. accounts performing scheduled file transfers, and other automated data operations). We see that 70-90 percent of the user accounts in large enterprises may actually consist of these system accounts, as opposed to interactive human users - while traditionally most of the focus on authentication and access management has been spent on interactive users. However, these system accounts perform the bulk of the critical data operations and transfers for these organisations, and access highly sensitive business and customer data.