All Posts

Are web agencies putting clients data at risk?

Posted by Rick on June 28th, 2022
web-agencies-risk.jpeg

If you've ever worked at a web agency or software development firm you'll know how demanding the job can be. There are often tight deadlines, big projects, and a need to deliver a great service to clients. Often this means corners get cut when there's no time to properly manage server infrastructure and security.

You've likely got multiple servers and a team of developers who regularly need SSH access. Keeping things in sync and not spending a bunch of time managing team access can be a pain. We're going to look at a few ways of doing this that can help to take some of the strain out of managing SSH keys and prevent a major client data breach.

Manual SSH Access Management

The simplest but by far the most time-consuming way to manage team access to your servers is to have each user manage their own SSH keys. Someone on the team drops your key into the ~/.ssh/authorized_keys file on each server, and you've got access.

This works fine, but it can get a little messy. What happens when someone leaves? Or a company laptop is stolen? You'll need to find and remove each instance of the user's key on every single server. Not ideal.

Over the years we've seen web agencies coming up with new ways of trying to manage server access, from storing a text file full of keys in GitHub to dropping them into provisioning scripts like Ansible and Terraform that need to be re-run every on every server time someone leaves.

If you're working with a large team, or with multiple servers, it can quickly become a hassle, and more importantly a huge security risk. It doesn't have to be this way though.

Automated SSH Access Management

ServerAuth makes managing SSH Keys across your servers simple. Simply create an account and connect to your existing servers. You can then invite your team to join you - each of them will get their own account to upload and manage their SSH key.

There's no configuration needed on your server, ServerAuth handles syncing keys across all servers for any team members you grant access to. Whatsmore you can take advantage of advanced options such as scheduling when your team has server access. So for example if your business operates 9-5 Monday to Friday you can set your teams access to only be available during those hours.

It doesn't stop there. Included with ServerAuth is a range of Server Management features, such as firewall and ip blocking, cron job management, log viewer, server monitoring and more.

Are you ready to take client data security seriously?

Team members come and go, and often passwords don't get changed, server access doesn't get revoked, and client data ends up being put at risk, all because it's a long and laborious task to keep on top of server security. By using ServerAuth much of this risk is taken away. At the click of a button, a former team member can be removed from all servers in an instant, and because ServerAuth manages your SSH authorized keys file nobody can sneak a key onto the server as it would just be removed automatically in the name of security.

Start taking security seriously, and avoid risking client data by switching to ServerAuth today. We offer a free 7-day trial, it works with your existing server infrastructure, and we're constantly bringing new features to the table to make server management easy for everyone.

Server Management & Security doesn't have to be a full time job.

ServerAuth provides a whole host of management tools, from controlling who can access your server, to adding cron jobs, securing your servers and installing packages. And with an ever growing suite of tools you'll always be one step ahead!

Start for free
Server Management Software Screenshot
ServerAuth
Server Management & SSH Security Software
 on Twitter
Copyright © ServerAuth Ltd
Registered in England No. 13996293
All Rights Reserved.
Solutions
Resources
Support
Customers
ServerAuth
The Legal Bits