65 percent of organizations still use shared logins for infrastructure access
Despite the fact that admin credentials represent a major prize for hackers and cybercriminals, a new report reveals that 65 percent of organizations still rely on shared logins and 41 percent use shared SSH keys.
The survey of 600 DevOps professionals from infrastructure access platform strongDM shows that technical staff at 93 percent of organizations have access to sensitive systems.
There is though a glimmer of hope in that 80 percent of organizations are looking to address access management as a strategic initiative over the next 12 months, highlighting the need to secure and streamline infrastructure-wide access controls before implementing other initiatives, like zero trust.
"Whether it's ransomware, breaches, or just about any other type of security issue, virtually all begin at the same place -- access," says Tim Prendergast, CEO at strongDM. "The combination of legacy approaches, new technologies, and ever evolving organizations has made the process for getting access to infrastructure and systems long and arduous. It also makes implementing new security initiatives, such as Zero Trust, impossible without first addressing the pervasive and profound challenges associated with legacy access management."
The report also finds that legacy access processes create inefficiencies, requiring time and resources, and blocking agile development practices. 88 percent of organizations require two or more employees to review and approve access requests, sometimes taking days or weeks to fulfill. Respondents cite their biggest challenges as the time required to request and grant access (52 percent), and the task of assigning, rotating, and tracking credentials (51 percent).
Respondents list cloud providers, databases, data centers, and servers among the most challenging for controlling access management. Further complicating things is that these technologies are cumulative -- legacy tools continue in production while new tools are added -- leading to ever-increasing complexity.
The full report is available from the strongDM site.