What is CloudGate Key Manager?
With ever more computing resources moving off-premises and into the cloud, controlling access to these resources becomes increasingly important. Traditionally, remote access to these hosts is performed using the SSH protocol, and, while the protocol itself provides adequate security mechanisms, organizations continue to struggle to deploy these mechanisms at scale.
To boost security, moving away from username/password authentication to private/public key authentication is an important first step for SSH hosts, but provisioning the authorized keys to a large number of instances has proven to be unwieldy and hard to manage. This, in turn, results in a wild growth of long-lived keys, often shared by multiple users or even entire organizations, putting the whole infrastructure at risk.
As a solution, CloudGate Key Manager reduces this risk and provides a secure audit trail for SOX compliance.
CloudGate Key Manager addresses the current SSH key management problem by providing users with short-lived keys and allowing administrators to control access with flexible attribute-based policies. Furthermore, it only requires minimal changes to existing or newly created SSH hosts.
Why CloudGate Key Manager?
Makes access to cloud servers using SSH keys more secure.
CloudGate Key Manager utilizes CloudGate’s authentication infrastructure to prevent SSH key leakage and third-party usage by applying access restrictions and user authentication such as multi-factor authentication, biometric authentication, and IP restriction.
Improves safety while keeping the convenience of your cloud server intact.
Control the Lifetime of your Keys
CloudGate Key Manager lets you control the lifetime of your users’ SSH keys by configuring a key rotation policy. Specifying a short-lived key validity period forces users to generate a new key pair on a monthly, weekly, daily, or even hourly basis, thus reducing the risk of stale keys finding their way out of the organization.
In addition, removal or suspension of a user will immediately result in the revocation of this user’s keys, and individual keys can be manually revoked in case they are compromised by theft or loss.
CloudGate Key Manager allows you to define attribute-based access control (ABAC) policies for users, groups, organizational units or any combination thereof.
Using these policies, you can limit the instances that can be accessed by selected entities through a powerful logic tree. This logic tree lets you define any possible combination of instance attributes and allows you to restrict the range of accessible instances to a given cloud environment, region, instance type, or even to a specific instance ID, hostname, account or tag.
Enforce Strong Authentication with CloudGate UNO
CloudGate Key Manager does not store any private keys, nor does it keep them in memory. After authenticating, the individual user triggers generation of the key pair, after which the private key is presented to the user for a one-time download.
Since authentication for both users and administrators is handled by CloudGate UNO single sign-on, administrators can take advantage of CloudGate’s security profiles to set up strong authentication for their users, and prevent keys from falling into the hands of unauthorized parties.
Get started with your 30-day free trial!
Experience how CloudGate UNO / CloudGate Key Manager can protect you from unauthorized access and help manage your SSH keys to secure your company’s resources.