The need for more effective security measures is widespread across all industries. Thanks to a shift toward more hybrid and remote work models supported by cloud access, organizations are experiencing record-high data breaches and constantly at risk. Teleport just released its 2022 State of Infrastructure Access and Security Report in which they set out “to understand the specific challenges facing DevOps, security engineering and other security professionals.”
The biggest takeaway: Organizations’ dependence on secrets (passwords, keys, tokens) as a means of access is the primary source of data breaches. This, combined with high turnover rates, personal use of devices, and reliance on third-party development and support services, contribute to highly ineffective security postures and ill-protected infrastructure in every industry.
Teleport’s key findings through their survey of 500 DevOps, Security Engineering, and other information security professionals via Schlesinger Group, an independent research company:
● “Organizations are at serious risk from messy breakups: Less than a quarter (24%) of respondents are fully confident that ex-employees no longer have access to company infrastructure.
● Access management is becoming more complex — with no signs of slowing down: Organizations use on average 5.7 different tools to manage access policy, making it complicated and time-consuming to completely shut off access.
● Security leaders want to move past secrets, but may not be ready to take the next step:
Secrets still represent the most common way of providing access, with 80% of respondents
reporting that they still use passwords as a security method. But there is hope for a future without secrets, as more than three-quarters (87%) of respondents are actively moving towards passwordless access. Biometrics allows organizations to move beyond secrets, but 62% of respondents cite privacy concerns as their biggest challenge when adopting biometrics.
● Despite awareness of the problems, organizations are struggling to adapt: More than half
(57%) of respondents said their organization has implemented new security methods that failed to be adopted by employees.
● Security spending is on the rise: Despite economic uncertainty, 85% of respondents say their security spending increased within the last 12 months, indicating that organizations recognize the critical importance of solving the security challenges highlighted in this report.” (Teleport, 4-5).
Survey Respondents’ Top Challenges
1) “Establishing secure connection to infrastructure resources spread across the globe
2) Managing Key and password rotation
3) Implementing zero-trust access” (Teleport, 9)
Their solution? “Secretsless, identity-native infrastructure access is the only way forward.” What does secretless access look like? To avoid “access silos,” those complex access controls that organizations everywhere are riddled with while mitigating the risk of lost or stolen credentials. This is an easy-to-adopt security measure for all employees.
Cyber Phoenix has courses that can help you secure your organization’s vital assets in this high-risk digital age. If you want to be instrumental in moving your organization toward identity-based infrastructure access, an affordable monthly course subscription gives you access to our Identity And Access Management course. Teleport’s 2022 report highlights that Identity and Access Management are critical to securing the access and availability of enterprise assets. Our comprehensive course covers the key areas of IAM, including fundamental concepts, but also the technologies and the different approaches to implementing effective IAM across the enterprise, web services, and government.