As organizations look to embrace modern approaches to security in 2022, a strongDM survey has revealed that access management is one of the most crucial factors to achieving this goal. The data showed that 80% of organizations are looking to address access management as a strategic initiative over the next 12 months, highlighting the need to secure and streamline infrastructure-wide access controls as a prerequisite to other initiatives, like zero trust.
“Whether it’s ransomware, breaches, or just about any other type of security issue, virtually all begin at the same place–access,” said Tim Prendergast, strongDM CEO.
“The combination of legacy approaches, new technologies, and ever evolving organizations has made the process for getting access to infrastructure and systems long and arduous. It also makes implementing new security initiatives, such as zero trust, impossible without first addressing the pervasive and profound challenges associated with legacy access management.”
The data report reveals unsecure access management practices that make it difficult to track and audit users and permissions of critical business systems, including:
- Technical staff at 93 percent of organizations have access to sensitive systems.
- 65 percent of organizations use shared logins; 41 percent use shared SSH keys.
Legacy access processes create severe team inefficiencies
Moreover, the report finds that legacy access processes create severe team inefficiencies, requiring intensive time and resources, and blocking agile development practices:
- 88 percent of organizations require two or more employees to review and approve access requests, taking days or weeks to fulfill.
- Respondents cite their biggest challenges as the time required to request and grant access (52 percent), and the task of assigning, rotating, and tracking credentials (51 percent).
These challenges are further exacerbated as the number of employees and systems increase, with access requirements growing beyond human scale even before companies reach the mid-sized stage.
While many tools exist to connect users to applications, similar tools for infrastructure access remain elusive. This is due to the complexity of modern infrastructure, encompassing everything from legacy mainframes to multi-cloud environments, and the inexorable emergence of new technologies such as Kubernetes and containers.
These challenges extend across a company’s entire technology stack, as respondents listed cloud providers, databases, data centers, and servers among the most challenging tools for access management. Further complicating access is that these technologies are additive – legacy tools continue in production while new tools are added. The result is an access challenge with ever-increasing complexity.