<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

Why Access Management Is Overdue for Innovation

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

The flexibility of the modern cloud has made access needs more complicated, with more employees requiring access to a company’s critical systems. In fact, our survey found that 93% of technical staff have access to sensitive infrastructure such as servers, clusters, databases, and cloud APIs. But in many organizations, access management has not kept pace with innovation. 

Consider these neat-and-tidy old metaphors for network access: the bouncer barring the door, the moat-and-castle, bank vault, keys to the kingdom…. These days, the reality on the ground is much messier. The rise of democratized access to data, serverless computing, and ephemeral infrastructure has forced organizations to stitch together a hodgepodge of IAM products, authentication tools, and custom scripts. 

The result? A squadron of competing bouncers wading through multiple moats, trying to restrict access to all of the treasures in your metaphorical kingdom — a recipe for chaos if you’re trying to operate a business.

Innovation is Pushing Access Beyond Human Scale

53% of organizations take hours to weeks to grant access to infrastructure

These access issues prevent developers from meeting business demands. Eighty percent of our survey respondents named access management as a critical initiative over the next 12 months, and for good reason. Methods of access management have not kept pace with growth. 

Of the organizations in our cohort, nearly all have technical staff with access to sensitive infrastructure. Or, perhaps a better way to put this — these organizations have staff who need access to sensitive infrastructure. Unfortunately, they’re running into bottlenecks and administrative overhead when they try to get it.

Of the organizations we surveyed:

  • 53% take hours to weeks to grant access to infrastructure.
  • 88% require two or more people to grant and approve access.
  • 25% require four or more!

These slow-downs lead to business disruption and increase the likelihood of work-arounds that impact security. And the problem isn’t going away. It’ll only get worse.

Chaotic Access Puts Your Business at Risk

65% of teams use shared logins to manage infrastructure access

Despite the risks, credential sharing is still a common practice. 

Among the people we surveyed:

  • 65% use team or shared logins.
  • 45% use one-off permissions.
  • 42% use shared SSH keys.

Employees share logins for many reasons. Sharing one account among multiple users may reduce friction and make it easier to collaborate with colleagues. And organizations may attempt to save money by buying fewer seats rather than acquiring individual accounts for every user. 

But these benefits come with a downside. Password-sharing carries significant risk for organizations. This practice increases the odds of sensitive company information being leaked, makes accounts more vulnerable to phishing attempts, and amplifies the harm those attacks may cause by making it easier for bad actors to access other parts of your network. 

Additionally, shared logins make evidence gathering impossible. In our survey, 41% of participants named evidence gathering for compliance as a top challenge. It’s hard to establish who is doing what when employees share passwords. 

It’s Time For Access You Can Actually Use

Our survey found that organizations face access challenges across the entire stack, especially for these systems:

  • 60% cloud providers
  • 57% databases
  • 57% data centers and servers

But with a lack of shared language across platforms — with private and public clouds, data centers, virtual machines, and even SaaS applications in the mix — security and engineering may find themselves working at cross-purposes.

Access causes friction when users have to jump through hoops, asking: What buttons am I going to click? What passwords do I need to remember? How many tools are we going to use?  Ideally, teams would standardize access across all systems, but when you get down to individual IT teams and development teams, most users want to stick with what’s comfortable.

That’s where StrongDM comes in. Our infrastructure access platform makes it easier for engineers to adopt security best-practices in their day-to-day life by unifying databases, servers, containers, and more on a single control plane. Admins abstract the layer of who has access to what – no more need for shared logins. And simplified workflows let users gain access in minutes rather than hours, days, or weeks. We make access easy, so you can focus on getting things done.

Is your infrastructure access overdue for innovation? Check out the full report, 2022: The Year of Access. Then schedule a free demo of StrongDM to see how our infrastructure access platform can help you upgrade access management today.



About the Author

, Contributing Writer and Illustrator, has a passion for helping people bring their ideas to life through web and book illustration, writing, and animation. In recent years, her work has focused on researching the context and differentiation of technical products and relaying that understanding through appealing and vibrant language and images. She holds a B.A. in Philosophy from the University of California, Berkeley. To contact Maile, visit her on LinkedIn.

logo
💙 this post?
Then get all that strongDM goodness, right in your inbox.

You May Also Like

What is Identity as a Service (IDaaS)?
What is Identity as a Service (IDaaS)? All You Need to Know
In this article, we’ll examine what Identity as a Service (IDaaS) is and how companies use IDaaS to enhance their security posture. You’ll learn why identity and access management (IAM) is important, how outsourcing IAM can support your goals, and the limitations of using a cloud-based IDaaS. By the end of this article, you’ll understand how an IDaaS solution works, the problems IDaaS addresses, and the role IDaaS will play in the future of identity management.
What is IGA? Identity Governance & Administration Explained
What is IGA? Identity Governance & Administration Explained
In this article, we’ll take a broad look at identity governance and administration (IGA) and examine how it differs from other IT risk mitigation topics. You’ll get insight into the history, benefits, and features of IGA and learn how to start planning an IGA implementation of your own.
Insider Threat: Definition, Types, Examples & Protection
Insider Threat: Definition, Types, Examples & Protection
In this article, we’ll take a look at insider threats in cyber security and the dangers they pose. You’ll learn the insider threat definition, who the insiders are, the types of insider threats to be aware of, and how to detect threats. By the end of this article, you’ll have a clearer understanding of the entire insider threat ecosystem and the best practices you can use to protect your organization, data, and systems.
Spring Clean Your Access Management | strongDM
Spring Clean Your Access Management
Time to spring clean your access management! Use these resources to establish healthy habits to keep your infrastructure access tidy all year long.
Agent vs. Agent-less Architecture
Agent vs. Agentless Architectures in Access Management
Agent vs. Agentless architectures is a recurring debate - covering specifics from monitoring to security. But when it comes to Access Management, some key considerations are necessary when defining the scalability of your solution and its impact on efficiency and overhead over time.