Improve Access to Maximize Security and Worker Productivity
In the enterprise, access is foundational to allowing technical teams to do their jobs. There’s a great responsibility involved with metering access to workflows and systems, but using legacy methods that don’t scale or are non-compliant can put an organization at unnecessary risk.
In a recent survey, 53% of DevOps teams said they require hours to weeks just to access critical infrastructure. This illustrates access as a significant barrier to enterprise productivity, and also a common reason why teams begin sharing logins or over-provisioning users, to ease friction.
In turn, these workarounds reduce organizational security and create compliance nightmares. Having been responsible for IT and access in two of my roles, I know the downstream effects all too well.
In this article, I’ll address how to avoid such security missteps by embracing modern practices like zero trust and illustrate how improving access can bolster organizational security and make development and technical teams more efficient and productive.
The Scope of the Access Problem
Last fall, in partnership with Pollfish, my company surveyed 600 DevOps professionals from all over the United States, representing organizations of virtually every size. Nearly 80% of these organizations reported that access management was a strategic initiative for this year.
This focus highlights the overwhelming need for enterprises to secure and streamline infrastructure-wide access controls as a prerequisite to other priority initiatives like zero trust.
As an industry, we understand that common security risks like ransomware, breaches and many other security issues often begin with the ordinary issue of access. We also know that in the wake of widespread cyberattacks, zero trust, while aspirational, has become a priority to our government as a means of protecting the nation from continuing threats. The biggest obstacle is that it is nearly impossible to achieve zero trust without first addressing the pervasive and profound challenges associated with legacy access management.
Access also Affects Embracing New Technologies
The challenge of providing frictionless access compounds with every new technology or system added to the enterprise. As teams grow and organizations choose new cloud-first technologies, traditional access-control methods become unsustainable.
In fact, legacy access processes are creating significant inefficiencies for teams, hampering their agile development practices, and requiring intensive time and resources. For example, 88% of organizations require two or more employees to review and approve access requests. This can take days or weeks to fulfill, to either request and grant access, or complete the task of assigning, rotating and tracking credentials.
Now, multiply these challenges across a company’s entire technology stack, including cloud providers, databases, data centers and servers. Factor in the emergence and adoption of new technologies such as Kubernetes and containers, and it quickly becomes an unwieldy task.
Align Access to Role for Security, Time Management
To prevent the infrastructure from becoming a tangled web of access requirements, organizations can complete a detailed inspection of current inventory. This includes verifying that access for former contractors, vendors or employees have been properly removed, as well as all recently terminated employees.
Once that is complete, pay attention to current employees, reviewing the last time organization roles were aligned to the access each one needs. If team members were recently promoted or have changed roles, do those changes require the same access to critical systems?
In reviewing these changes, you can determine if temporary access is no longer required and revoke where necessary.
Finally, consider that onboarding and offboarding may not be the only organizational processes in need of an upgrade. Be open to feedback from all relevant departments and solicit their help to determine which systems and processes could benefit from simplified, yet secure, access.
By prioritizing best practices, tools and more, you can discover areas to improve access and boost the organization’s security posture.
All of this goes a long way in providing employees with an equitable and improved work experience.
Despite the ubiquity of infrastructure access, organizations that are actively addressing it see tangible benefits, including higher productivity, reduced costs, improved security and compliance, and even improved peace of mind.