Customer Requirement:
A leading enterprise with a mature Privileged Access Management (PAM) deployment covering 95% of its infrastructure began expanding the program to business application accounts. Core system and infrastructure-layer accounts were already vaulted and session-managed, but a large blind spot emerged: unmanaged SSH keys.
A DNS-based scan discovered thousands of SSH keys, many granting root-level access, none of which had been onboarded into the PAM tool because of license constraints or process gaps.
The catch
- SSH keys are used widely for OS-level and application accounts.
- Many keys are 6–8 years old, with no rotation policy in place.
- Application teams create SSH keys during server provisioning with no central governance.
- Audit logs are missing for more than 180 days, so key use in that window cannot be attributed, let alone shown to be authorized.
- Key-to-owner mapping is unclear, raising the risk of orphaned or backdoor access.
Despite privileged accounts being governed, the credentials enabling access (SSH keys) remain a shadow risk vector.
🛠 How BAAR-IGA Helped
🔗 Continuous Monitoring Across HR, AD, and Applications
BAAR-IGA was deployed alongside the PAM tool—not to replace it, but to extend governance to SSH keys. Within days, it delivered measurable results:
- SSH Key Discovery: identified and inventoried 6,200 SSH keys across Unix and Windows systems
- Key Ownership Mapping: correlated SSH keys to user identities and service owners using behavioral and metadata analysis
- Lifecycle Policy Enforcement: enforced SSH key expiry and rotation every 90 days through policy automation
- Orphaned Key Detection: flagged over 1,300 SSH keys with no associated account activity for more than 6 months
- Access Reviews: launched an SSH key-based access certification campaign with business owners
- Provisioning Controls: integrated with CI/CD pipelines to block unauthorized key creation during provisioning
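The three controls that do the heavy lifting here (discovery, activity correlation, and policy checks for ownership, staleness and expiry) are mechanical enough to show end to end. The script below is an added example written for this page, not BAAR-IGA's software or the customer's tooling. It parses authorized_keys content, computes OpenSSH-style SHA256 fingerprints (the same value `ssh-keygen -lf` prints and sshd writes into "Accepted publickey" log lines), joins those to the last successful login per key, and flags keys with no owner, no use in 180 days, or a missing or passed `expiry-time` (a standard OpenSSH authorized_keys option). The hosts, accounts, owner map, key blobs (valid ed25519 framing around a filler value, not real keys) and RFC 3339-timestamped sshd log lines are all constructed so the example runs offline.

```python
"""SSH key inventory, activity correlation and policy checks (constructed example)."""
import base64
import hashlib
import re
import struct
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
# Assumed log shape: RFC 3339 timestamp, hostname, then sshd's standard message.
ACCEPTED_RE = re.compile(
    r"^(\S+) (\S+) sshd\[\d+\]: Accepted publickey for (\S+) from \S+ port \d+ "
    r"ssh2: \S+ (SHA256:\S+)")
EXPIRY_RE = re.compile(r'expiry-time="(\d{8})')  # OpenSSH authorized_keys option


def ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def fake_ed25519_blob(seed: int) -> str:
    """Valid ssh-ed25519 blob framing around a deterministic 32-byte filler.
    Constructed test data, not a real public key."""
    pub = hashlib.sha256(b"example-key-%d" % seed).digest()
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(pub)).decode()


def fingerprint(b64_blob: str) -> str:
    """OpenSSH SHA256 fingerprint: base64(sha256(blob)) with '=' padding stripped."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


@dataclass
class KeyRecord:
    host: str
    account: str
    key_type: str
    fingerprint: str
    options: str
    comment: str
    last_used: Optional[date] = None
    owner: Optional[str] = None


def parse_authorized_keys(host: str, account: str, text: str) -> list:
    """Discovery: one KeyRecord per key line; any options precede the key type."""
    records = []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # malformed line: no key-type/blob pair
        records.append(KeyRecord(host, account, tokens[idx], fingerprint(tokens[idx + 1]),
                                 " ".join(tokens[:idx]), " ".join(tokens[idx + 2:])))
    return records


def last_use_by_key(log_lines: list) -> dict:
    """Activity correlation: latest successful login per (host, account, fingerprint)."""
    last = {}
    for line in log_lines:
        m = ACCEPTED_RE.match(line)
        if not m:
            continue
        when = datetime.fromisoformat(m.group(1)).date()
        key = (m.group(2), m.group(3), m.group(4))
        if key not in last or when > last[key]:
            last[key] = when
    return last


def classify(records, last_use, owners, today, stale_days=180):
    """Policy checks: unattributed, orphaned (no use in stale_days), expired,
    or no expiry at all (nothing forces the 90-day rotation)."""
    findings = []
    for r in records:
        r.last_used = last_use.get((r.host, r.account, r.fingerprint))
        r.owner = owners.get(r.fingerprint)
        reasons = []
        if r.owner is None:
            reasons.append("no-owner")
        if r.last_used is None or (today - r.last_used).days > stale_days:
            reasons.append("stale")
        m = EXPIRY_RE.search(r.options)
        if m is None:
            reasons.append("no-expiry")
        elif datetime.strptime(m.group(1), "%Y%m%d").date() < today:
            reasons.append("expired")
        if reasons:
            findings.append((r.host, r.account, r.fingerprint, reasons))
    return findings


# --- constructed sample environment (hosts, keys, owners and logs are made up) ---
TODAY = date(2025, 6, 1)
BLOBS = {n: fake_ed25519_blob(n) for n in (1, 2, 3, 4)}
FP = {n: fingerprint(b) for n, b in BLOBS.items()}
AUTHORIZED_KEYS = {
    ("web01", "root"): (f"ssh-ed25519 {BLOBS[1]} ops-backup-2017\n"
                        f'expiry-time="20260101" ssh-ed25519 {BLOBS[2]} alice@laptop\n'),
    ("db01", "app"): ("# provisioned by deploy script\n"
                      f'expiry-time="20250301",no-pty ssh-ed25519 {BLOBS[3]} deploy@ci\n'
                      f"ssh-ed25519 {BLOBS[4]} carol-migration\n"),
}
AUTH_LOG = [
    f"2024-09-01T02:10:44+00:00 web01 sshd[4120]: Accepted publickey for root from 10.0.0.5 port 51234 ssh2: ED25519 {FP[1]}",
    f"2025-05-20T09:15:02+00:00 web01 sshd[9912]: Accepted publickey for root from 10.0.0.7 port 40022 ssh2: ED25519 {FP[2]}",
    f"2025-05-30T23:59:10+00:00 db01 sshd[1337]: Accepted publickey for app from 10.0.1.9 port 55000 ssh2: ED25519 {FP[3]}",
    "2025-05-30T23:59:12+00:00 db01 sshd[1338]: Failed publickey for app from 10.0.1.9 port 55001 ssh2: ED25519 SHA256:ignored",
]
OWNERS = {FP[1]: "bob", FP[2]: "alice", FP[4]: "carol"}  # result of an HR/AD join


def run_report(today=TODAY):
    records = [r for (h, a), txt in AUTHORIZED_KEYS.items()
               for r in parse_authorized_keys(h, a, txt)]
    return classify(records, last_use_by_key(AUTH_LOG), OWNERS, today)


if __name__ == "__main__":
    for host, account, fp, reasons in run_report():
        print(f"{host}:{account} {fp} -> {', '.join(reasons)}")
```

Run as written, the report flags the 2017 root key (unused for 273 days, no expiry), the CI deploy key (no owner, expiry passed) and the never-used migration key, while alice's owned, recent, unexpired key produces no finding. In a real estate the inventory comes from collecting authorized_keys files (and, on Windows, administrators_authorized_keys) from every host, and the log join from the central syslog store; the fingerprint is the stable join key across both.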
✅ The Outcome
- Visibility and control restored across all previously unmanaged SSH credentials
- Backdoor-access risk from orphaned and unattributed keys addressed
- Audit readiness improved through full logging and ownership attribution
- The organization now treats SSH keys as first-class access objects, alongside passwords and tokens
🧠 Takeaway
SSH keys are often overlooked in PAM programs — but they grant direct, privileged access. With PAM managing accounts, BAAR-IGA closes the SSH key governance gap through discovery, policy enforcement, and lifecycle control. It brings SSH-based access under centralized, identity-centric governance — cost-effectively and at scale.