温馨提示:本站仅提供公开网络链接索引服务,不存储、不篡改任何第三方内容,所有内容版权归原作者所有
AI智能索引来源:http://www.ssh.com/blog/ssh-industry-focus-insurance-sector
点击访问原文链接

SSH Industry Focus: Insurance Sector

SSH Industry Focus: Insurance Sector About us Investors Partners Careers Solutions SOLUTIONS Zero Trust Suite Quantum-Safe Cryptography (QSC) SalaX Secure Collaboration Security Risk Assessment, Quantification & Mitigation By Topic Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & multi-cloud access management Interactive tour: Privileged Access in the Cloud M2M connections IT Audits & Compliance Secure file transfer By Industry Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Products SECURE ACCESS & SECRETS MANAGEMENT SECURE FILE TRANSFER & ENCRYPTION NQX™ quantum-ready encryption Tectia™ SSH Client/Server Tectia™ z/OS SalaX Secure Collaboration Secure Mail 2024 Secure Messaging 2024 SalaX Secure Collaboration Solutions SOLUTIONS PrivX Zero Trust Suite SalaX Secure Collaboration Strong ID-based access with Entra ID & Zero Trust Suite Quantum-Safe Cryptography (QSC) Security Risk Assessment, Quantification & Mitigation Device trust & access and identity verification Identity-based authentication & converged IAM and PAM TOPICS Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & Multi-Cloud Access Management Interactive tour: Privileged Access in the Cloud M2M Connections Management IT Audits & Compliance Secure File Transfer INDUSTRIES Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Healthcare Data Security OT Security IT/OT convergence of data & systems Zero Trust Access and ZSP Workflow approvals Secure remote access  Secure patch management  OT Compliance Discovery and threat intelligence Phishing-resistant MFA & device trust Products SalaX SECURE COLLABORATION Secure Mail Secure Messaging Secure Sign SalaX Secure Collaboration FQX File Encryptor SECURE ACCESS & SECRETS MANAGEMENT PrivX™ PAM PrivX™ OT Edition PrivX Key Manager SECURE FILE TRANSFER & ENCRYPTION Tectia™ SSH Server Tectia™ SSH Server for IBM z/OS PrivX Desktop NQX™ quantum-safe encryption Services SSH Risk Assessment™ Professional Services Support Contact us Customer cases PrivX Zero Trust PAM Enterprise Key Management UKM Tectia SFTP for servers & mainframes SSH Secure Collaboration Resources SSH Academy Content library Blog References Press releases Downloads Manuals Events & Webinars Media Legal Report a vulnerability Solutions SOLUTIONS PrivX Zero Trust Suite SalaX Secure Collaboration Strong ID-based access with Entra ID & Zero Trust Suite Quantum-Safe Cryptography (QSC) Security Risk Assessment, Quantification & Mitigation Device trust & access and identity verification Identity-based authentication & converged IAM and PAM TOPICS Just-in-Time Access Secure vendor access Credentials & Secrets Management Hybrid & Multi-Cloud Access Management Interactive tour: Privileged Access in the Cloud M2M Connections Management IT Audits & Compliance Secure File Transfer INDUSTRIES Managed Service Providers (MSP) Operational Technology (OT) Federal Government Security Healthcare Data Security OT Security IT/OT convergence of data & systems Zero Trust Access and ZSP Workflow approvals Secure remote access  Secure patch management  OT Compliance Discovery and threat intelligence Phishing-resistant MFA & device trust Products SalaX SECURE COLLABORATION Secure Mail Secure Messaging Secure Sign SalaX Secure Collaboration FQX File Encryptor SECURE ACCESS & SECRETS MANAGEMENT PrivX™ PAM PrivX™ OT Edition PrivX Key Manager SECURE FILE TRANSFER & ENCRYPTION Tectia™ SSH Server Tectia™ SSH Server for IBM z/OS PrivX Desktop NQX™ quantum-safe encryption Services SSH Risk Assessment™ Professional Services Support Contact us Customer cases PrivX Zero Trust PAM Enterprise Key Management UKM Tectia SFTP for servers & mainframes SSH Secure Collaboration Resources SSH Academy Content library Blog References Press releases Downloads Manuals Events & Webinars Media Legal Report a vulnerability About us Investors Partners Careers April 14, 2019 SSH Industry Focus: Insurance Sector Written by: Andrew Hammond Innovation and disruption are two sides of the same coin when describing the global insurance industry. Innovation in the form of digital transformation, new payment platforms, and mobility provide the basis for expansion by meeting evolving customer needs. Adoption of innovation also increases the complexity of your infrastructure and increases the need for managing risk proactively. Legacy infrastructure must become more dynamically provisioned with the rapid transition to the cloud. Existing threat surfaces built up over time must be reduced as bad actors target insurance companies. Governance must be increased to meet the complex and growing set of compliance regimes impacting the insurance industry. All of this comes back to better support for consumers across multiple channels and platforms while protecting the firm’s reputation and lines of business.

 

Transition to the Cloud Insurance companies are rapidly adopting cloud-based resources. Agility is key to leveraging InsurTech and FinTech innovations.

“More than 70% of insurers use some cloud, and those that do are planning to use more. About 10% of insurers run most of their infrastructure on cloud.”

Source: Cloud Adoption in Insurance: Trends and Issues, Published: March 2018 

The drivers for cloud adoption include both cost reduction and increased efficiency driven by increased demands for mobility and business cycles. But before claim handling is mostly automated and the majority of the functions in the cloud, there are some potential obstacles on the way to the promised land.

Obstacle 1: Your Legacy IT Access Paradigm can be an Obstacle to Cloud Transformation The Secure Shell protocol is the defacto method of remotely accessing Linux-based servers and transferring data securely between them. An SSH key is an access credential in the SSH protocol. Its function is similar to that of user names and passwords, but the keys are primarily used for automated processes and for implementing single sign-on by system administrators and power users. Based on our research, major enterprises might have millions of these keys in their environment. Some reasons:

These keys can be self-provisioned by system administrators in minutes It is easier to create new keys than to delete existing ones without breaking anything on the network The keys can be shared without assigning an identity to them and they can exist outside your network if granted to 3rd parties These can grant access that is invisible to established security controls, such as traditional Privileged Access Management (PAM) solutions This is happening today with an encryption protocol that has existed for the last 20 years, quietly doing its’s work while spreading because of the growth of an open source distribution model. SSH uses encryption keys that have been forgotten yet provide the most critical form of access into your networks. Who uses SSH in your organization? More people than you probably realize… IT administrators use the SSH protocol to remotely access operating systems, application databases and network devices. Developers accessing systems, moving code between systems and into cloud environments Applications on autopilot securely moving data between applications, both on premise and to the cloud. Supply chain vendors and outsourced managed service providers that support and maintain corporate networks. Applications on autopilot securely moving data between applications, both on premise and to the cloud. This creates an incredibly complex web of connections and critical access credentials that is impossible to keep track of manually. Moving the cloud without solving this problem means that your business loses the efficiency and agility gains promised by the cloud.

  Obstacle 2: Unmanaged SSH Keys Recent breaches at Anthem and Premera Blue Cross signify an increasing cybersecurity threat. There’s more. The threat surface is increasing because of larger and more complex networks. This is only likely to continue with the massive rise in cloud platforms, sophisticated mobile stacks and the advent of Enterprise-present IOT and embedded systems. The bad guys are getting more sophisticated, stockpiling delivery mechanisms and payloads and developing sophisticated supply chains and cyber assets, as exemplified by the SWIFT incident and concerns over payment systems. Third party and supply chain risk increase exposure as more outsourcing takes place and more complex and global business ecosystems emerge. Insider threats stemming from the dark web, which has been reaching out to insiders to buy their SSH login credentials. Perhaps the most worrisome application of the SSH protocol comes from hackers and malicious insiders; it is their preferred method to move laterally throughout our networks. In many financial institutions, accountability, manageability, governance and even knowledge of these keys is unclear, opening the door to compliance violations. At the heart of the issue is access control. It’s all about protecting the data (PII, credit card data, etc.) and making sure it has authorized access. It doesn’t matter whether access is being requested by a machine, admin or business user.

Recently ISACA issued guidance to the compliance and audit community on how to leverage SSH key management best practices titled “SSH: Practitioner Considerations.”

In a specific customer case, 10,000 Unix/Linux hosts, lacked strong SSH key management that equated to 1.5 million application keys granting access and 70,000 keys each for database administrator and system admins. There can be up to one billion authentications per year granting access. The majority of the access available via these keys is obsolete, having been assigned to employees or third parties who no longer work with or for the financial institution.

Obstacle 3: Compliance The recent data breaches have also increased the scrutiny of state regulators along with the U.S. Department of the Treasury's Financial Banking and Information Infrastructure Committee (FBIIC) and the Executive Branch and Independent Agency Regulatory Cybersecurity Forum. After all, the insurance industry is one of the most heavily regulated-especially by state regulators. Trust relationships between customers and insurance companies is intrinsic to the industry and its survival. The SSH protocol is in fact the backbone of today’s insurance industry.

Regulatory pressure and market dynamics have made compliance a key function in managing risk-especially as it relates to cybersecurity across the enterprise. Specifically, data protection laws, data breach reporting, and the increased use of out sourced providers all relate to the ubiquitous and unmanaged use of SSH across the estate. Proactive management of SSH reduces costs and lowers cyber risk.

Solutions Fix the legacy: Discover, manage and automate your entire SSH key environment Before moving your infrastructure to the cloud, simplify and take control of the complex web connections. This ensures that you don’t replicate the problem in the cloud, have a better security posture to make the move and mitigate existing risks at the same time. With our Universal SSH Key Manager®, you will:

Gain full visibility into how critical servers are accessed and by whom on the network Eliminate the SSH keys that no longer should exist, for example, if they are obsolete or in violation of your security policies Prevent backdoor access and find the keys created outside your PAM software Grant server specific access with limited privilege for tasks that do not require admin or root-level access like application-specific Gain compliance with regulations and face an audit with confidence Build the future: agile and lean access at scale Digital requires agility in all functions and processes. Back your cloud strategies while delivering a more cost effective and secure solution that is PrivX®. Compared to legacy PAMs (privileged access management), PrivX helps you to:

Fortify your cloud deployments by controlling access to your AWS, GCP and Azure-host servers Cut the costs of credentials lifecycle management and vaulting by instead granting short-lived authentication to users only when they need it. Strengthen your security posture; eliminating credentials also reduces your threat surface. Economize on deployment and maintenance efforts by avoiding the use of agents, commonly required by PAMs, on your client workstations and hosts. How to get started with your secure could transformation? SSH.COM offers insurance institutions:

a Risk Assessment that delivers a detailed analysis of risks around SSH mismanagement. a workshop on SSH key management best practices Universal SSH Key Manager®-a product offering that addresses SSH key management issues PrivX® access gateway for cloud resources SSH.COM is committed to partnering with you to provide clear sailing and prevent the factors that could conspire to threaten your organization. Taking advance of disruptive technologies, protecting your infrastructure, while increasing governance is a winning formula for continued growth in the insurance industry.

 

Tag(s): Privileged Access Management , SSH Key management , ISACA , insurance Andrew Hammond Market maker and business builder for cyber security, advanced technologies, network and web infrastructure, computing platforms and application software. Functional expert in direct, channel and OEM sales, marketing, business development, and product management. Proven leader for companies seeking growth through new...

Other posts you might be interested in identity and access management 4 min read | January 15, 2020 SSH.COM and Digital Information Technologies Form Partnership to Strengthen Privileged Access Management for Enterprises Read More Gartner 6 min read | November 30, 2018 We broke the IT security perimeter Read More email encryption 8 min read | March 23, 2022 Email encryption & cloud: 5 tips for secure information sharing (SIS) Read More Subscribe to email updates SSH is a leading defensive cybersecurity company that secures communications between humans, systems, and networks. We specialize in Zero Trust Privileged Access Controls and Quantum Safe Network Security. Our customers include a diverse range of enterprises, from multiple Fortune 500 companies to SMBs across various sectors such as Finance, Retail, Technology, Industrial, Healthcare, and Government. 25% of Fortune 100 companies rely on SSH’s solutions. Recent strategic focus has expanded SSH business to Defence, Critical Infrastructure Operators, Manufacturing OT Security and Public Safety.

Leonardo S.p.A invests 20.0 million EUR in SSH, becoming the largest shareholder of the company. SSH solutions form a Center of Excellence for Zero Trust privileged access management and quantum-safe network encryption in Leonardo - a global industrial group that creates multi-domain technological capabilities in the Aerospace, Defence and Security sector with 17.8 billion EUR revenue in 2024. SSH company’s shares (SSH1V) are listed on Nasdaq Helsinki.

 

Solutions Zero Trust Suite Zero Trust Suite & Entra ID Integration Quantum-Safe Cryptography (QSC) SalaX Secure Collaboration Security Risk Mitigation OT security MSP Security Device Trust Monitoring & Threat Intelligence Credentials & Secrets Management IT Audits & Compliance Products PrivX™ Hybrid PAM PrivX Key Manager Tectia SSH Client/Server™ Tectia™ z/OS Secure Messaging Secure Mail Secure Sign NQX™ Quantum-Safe Services SSH Risk Assessment™ Professional Services Support Resources Careers References Downloads Manuals Events & Webinars Blog Company About us Contact Investors Partners Press Stay on top of the latest in cybersecurity Be the first to know about SSH’s new solutions, product updates, new features, and other SSH news!

Thanks for submitting the form. © Copyright SSH • 2025 • Legal

智能索引记录