Who is accountable for SSH-related, key-based access in your organization? In many enterprises, this is not clear, leading to assumptions that leave you vulnerable to attack and compliance violations as well. This article will address the challenge of SSH user key-based access from the perspective of compliance.
It’s all about access control. All the regulations, laws and frameworks exist to ensure, at a minimum, that protected data (PII, ePHI, credit card data, etc.) has authorized access. It doesn’t matter whether that access is being requested by a machine, admin or business user.