Systems administrators typically introduce SSH keys into an environment with little awareness of how the keys can be misused, Bocek said. Though IT security teams at some organizations have attempted to gain control over key management, many enterprises still leave the task to the administrators, he said.
In the Ponemon survey, about 74 percent of the respondents said they allow administrators to independently control and manage SSH keys. As a result, enterprise security teams often have very little visibility into the scale of the problem and even less information about how to manage it.
To get a handle on the problem, enterprises must figure out where SSH is in use and how many keys might be floating about on their networks. They then need to find a way to correlate the keys back to the appropriate servers, evaluate whether they're needed and put in place a process for automatically changing keys.
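One way to start the inventory described above, as an added example that is not from the article: it parses collected `authorized_keys` files, fingerprints each key, and maps every key back to the hosts and accounts it unlocks. The host names, accounts and key blobs are constructed samples, and the two review criteria (a key authorized on several hosts, unrestricted root access) are illustrative assumptions.

```python
import base64, hashlib, re
from collections import defaultdict

# Optional quote-aware options field, then key type, base64 blob, comment.
LINE_RE = re.compile(
    r'^(?:(?P<opts>(?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+)?'
    r'(?P<type>ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521))\s+'
    r'(?P<blob>[A-Za-z0-9+/]+={0,2})(?:\s+(?P<comment>.*))?$')

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def inventory(files):
    """Map fingerprint -> [(host, account, options)] for every grant found."""
    inv = defaultdict(list)
    for (host, account), text in files.items():
        for line in map(str.strip, text.splitlines()):
            m = None if line.startswith("#") else LINE_RE.match(line)
            if m:  # blank, comment and unparseable lines are skipped
                inv[fingerprint(m["blob"])].append((host, account, m["opts"] or ""))
    return dict(inv)

def review(inv):
    """Return {fingerprint: [reasons]} for keys that deserve a closer look."""
    findings = defaultdict(list)
    for fp, grants in inv.items():
        hosts = {host for host, _, _ in grants}
        if len(hosts) > 1:
            findings[fp].append(f"authorized on {len(hosts)} hosts")
        if any(acct == "root" and not opts for _, acct, opts in grants):
            findings[fp].append("unrestricted root access")
    return dict(findings)

def sample_blob(label):  # constructed stand-in for a key blob, not a real key
    return base64.b64encode(label.encode()).decode()

# Constructed sample: (host, account) -> authorized_keys content.
A, B, C = (sample_blob(k) for k in ("key-A", "key-B", "key-C"))
LIMITS = 'from="10.0.0.5",command="/usr/bin/backup run"'
SAMPLE = {
    ("web01", "deploy"): f"# deploy keys\nssh-ed25519 {A} alice@laptop\nssh-rsa {C} ci@build\n",
    ("db01", "root"): f"ssh-ed25519 {A} alice@laptop\n{LIMITS} ssh-rsa {B} backup\n",
    ("db02", "root"): f"{LIMITS} ssh-rsa {B} backup\n",
}

if __name__ == "__main__":
    print(review(inventory(SAMPLE)))
```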
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.