DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DataOps
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
  • Media Kit
  • About
  • Sponsor
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DataOps
  • DevSecOps
  • DevOps Onramp
  • Platform Engineering
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps
    • ROELBOB
Hot Topics
  • Survey Surfaces Application Modernization Challenges
  • Dylibso Releases Tool for Tracking and Validating Wasm Modules
  • Data APIs: Realizing the Future of Data Warehousing
  • GraphQL Documentation Generators: How They Work and Why They Matter
  • Perceptions of Reality

Home » Blogs » Infrastructure Access Management a Growing DevOps Priority

Infrastructure Access Management a Growing DevOps Priority

By: Nathan Eddy on January 21, 2022 Leave a Comment

Organizations plan to address access management over the next 12 months, as the need to secure and streamline infrastructure-wide access controls serves as a prerequisite to other initiatives, like zero-trust.

This was one of the key findings of a survey of 600 DevOps professionals conducted by Pollfish and sponsored by strongDM. The report also found that legacy access processes created severe team inefficiencies.

These inefficiencies require intensive time and resources to fix and block agile development practices: Nearly nine in 10 organizations surveyed said they required two or more employees to review and approve access requests and that those could take days or weeks to fulfill.

The survey also indicated that organizations continue to use access management practices that are not secure and that make it difficult to track and audit users and permissions of critical business systems.

Tim Prendergast, CEO of strongDM, said as more jobs become technical, there’s a bigger need to deliver access to more people–and that can have a severe impact on a company’s ability to remain secure. He explained that when 65% of organizations are reporting their teams used shared logins—and over 40% used shared SSH keys—there’s virtually no way for you to know who is in your infrastructure or the havoc they may be wreaking.

“This makes it difficult to pinpoint any leakage or loss because you have 20 copies of your house key floating around,” he said. “It’s an example of the trade-off most organizations make when it comes to speed and ease of access versus ensuring that access is secure.”

Survey respondents said their biggest challenges were the time required to request and grant access (52%) and the task of assigning, rotating and tracking credentials (51%).

Hurry Up and Wait

“Using current approaches to access means you’re hiring these high-paid, technical resources and telling them to hurry up and wait,” Prendergast said.

Nearly half (47%) of respondents said they struggled with onboarding employees and contractors and Prendergast pointed out that one in four organizations said simply getting approval for access required a process that involved four people.

“Think about that—in 25% of organizations, you have technical resources basically twiddling their thumbs while they wait to get access to this database or to that Kubernetes cluster,” he said. “Now multiply that by however many databases, servers, employees and third-party vendors that you have. And that’s not even counting when new technologies like Kubernetes are added to your infrastructure. Eventually, even just the frustration of your team as they wait for access becomes a liability.”

2022: A Year of Convergence

Prendergast predicted 2022 will see DevOps and security converge beyond what we’ve already seen with DevSecOps, where it has been heavily focused on shifting left and bringing security into the development cycle earlier.

“This convergence will be marked by new workflows, technologies and solutions that not just improve security, but that also improve the development cycle,” he said. “One great example is optimizing infrastructure access—when done right, you can improve your security posture with zero-trust methodologies while also making it easier for DevOps teams to access systems quickly and easily.”

He added that two of the biggest workforce dynamics facing zero-trust are remote work and the Great Resignation.

“You used to have this environment where you’d have to be physically present or on the VPN to have access—remote work broke that,” he explained. “And now you also have this large number of employees leaving their jobs. Do you know what systems they had access to? How do you know if all of that access has been turned off? What happens if they were using shared credentials?”

Prendergast said that’s why addressing access is critical to meeting this challenge and getting to modern security—if you don’t know who has access to what or what they can do in each system, you can never get to zero-trust.

“Organizations need to find a way to understand the relationship between each technologist and each technology and then be able to track and audit those relationships,” he said. “Until you do that, you’ll have a really hard time getting to zero-trust. These are the table stakes for modern security.”

Recent Posts By Nathan Eddy
  • Culture a Stumbling Block to DevOps, DevSecOps
  • GitLab Research Shows Security Concerns in DevOps Teams
  • Opportunities and Challenges of Observability
More from Nathan Eddy
Related Posts
  • Infrastructure Access Management a Growing DevOps Priority
  • What SASE Means for DevOps Teams
  • Why DevSecOps Should Be Top Priority
    Related Categories
  • Blogs
  • DevOps Culture
  • DevOps Practice
  • DevSecOps
  • Features
  • Identity and Access Management
  • Infrastructure/Networking
  • News
    Related Topics
  • agile infrastructure
  • Cybersecurity
  • devsecops
  • identity and access management
  • least-privilege
Show more
Show less

Filed Under: Blogs, DevOps Culture, DevOps Practice, DevSecOps, Features, Identity and Access Management, Infrastructure/Networking, News Tagged With: agile infrastructure, Cybersecurity, devsecops, identity and access management, least-privilege

« Survey Predicts Massive Migration to the Cloud
2022 Will Be the Year of the Cyber ‘Shift Show’ »

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Build Securely by Default With Harness And AWS
Tuesday, March 28, 2023 - 1:00 pm EDT
Accelerate Software Development Flow with Value Stream Management
Wednesday, March 29, 2023 - 1:00 pm EDT
Cloud-Native Developer Tools: What's on the Horizon?
Thursday, March 30, 2023 - 1:00 pm EDT

Sponsored Content

The Google Cloud DevOps Awards: Apply Now!

January 10, 2023 | Brenna Washington

Codenotary Extends Dynamic SBOM Reach to Serverless Computing Platforms

December 9, 2022 | Mike Vizard

Why a Low-Code Platform Should Have Pro-Code Capabilities

March 24, 2021 | Andrew Manby

AWS Well-Architected Framework Elevates Agility

December 17, 2020 | JT Giri

Practical Approaches to Long-Term Cloud-Native Security

December 5, 2019 | Chris Tozzi

Latest from DevOps.com

Survey Surfaces Application Modernization Challenges
March 23, 2023 | Mike Vizard
Dylibso Releases Tool for Tracking and Validating Wasm Modules
March 23, 2023 | Mike Vizard
Data APIs: Realizing the Future of Data Warehousing
March 23, 2023 | Tanmai Gopal
GraphQL Documentation Generators: How They Work and Why They Matter
March 23, 2023 | Gilad David Maayan
Postman Releases Tool for Building Apps Using APIs
March 22, 2023 | Mike Vizard

TSTV Podcast

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays

GET THE TOP STORIES OF THE WEEK

Most Read on DevOps.com

Grafana Labs Acquires Pyroscope to Add Code Profiling Capability
March 17, 2023 | Mike Vizard
Four Technologies Transforming Data and Driving Change
March 17, 2023 | Thomas Kunnumpurath
How Database DevOps Fuels Digital Transformation
March 17, 2023 | Bill Doerrfeld
5 Unusual Ways to Improve Code Quality
March 20, 2023 | Gilad David Maayan
Neural Hashing: The Future of AI-Powered Search
March 17, 2023 | Bharat Guruprakash
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2023 ·Techstrong Group, Inc.All rights reserved.