<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

Meet StrongDM in person at Oktane 2023! Book a meeting with us here.

Agent vs. Agentless Architectures in Access Management

The Problem with Agent-Based Access Management
StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

Agent vs. Agentless architectures is a recurring debate - covering specifics from monitoring to security. But when it comes to Access Management, some key considerations are necessary when defining the scalability of your solution and its impact on efficiency and overhead over time.

Agent-based Access Management: Welcome to the World of Agent++

One of the biggest challenges with using agents for Access Management is they inherently require a 1:1 ratio of agent to infrastructure. In an Access Management context, that means you must have an agent on every piece of infrastructure if you hope to streamline access across your environment. We call this Agent++.

What is Agent++?

Agent++ is the continuous act of adding agents to every piece of infrastructure to provide streamlined access, due to the need to have a 1:1 ratio of agents to systems. That means:

  • You need an agent installed on every existing system.
  • You need an agent installed on every new system.
  • You need to update every agent on every system over time. 

The result is an endless loop: New system. New agent. New system. New agent. Found an old system? New agent.

In Access Management, “Agent++” means you’ve suddenly traded managing access at a system-by-system level to managing agents on a system-by-system level. Sure, you may have gained some efficiencies, but you’ve also introduced a slew of new challenges.

Agents, Overhead and their Impact on Efficiency

When the implementation process for a tool is complicated and time-consuming, that doesn’t bode well for you over time. This is where most people begin to recognize the issues with an agent-based approach to access management, because once you’ve taken inventory of all of your systems, you now have to install agents on every system.

And that’s just the starting point. The challenges associated with an agent-based approach to Access Management will compound over time. For example:

  • Due to the agent-based need to be on every single system, the initial implementation may be a lengthy process, delaying your team’s ability to quickly and easily access infrastructure.
  • Onboarding new systems will require individual agents to be installed on every one, every time.
  • Since agents share resources with the systems they’re installed on, they compete for resources with your critical systems.
  • You’ll eventually need to upgrade every agent over time - a process that will only become more complicated and time-consuming with every new system you add.

Relying on agents will dramatically impact the efficiency and productivity of your development and security teams – and not in a good way. 

Access Management: Agents vs. Agentless

Access Management is inherently an additive process. Access must be provided and managed for new, existing, and shadow (assuming you find them) systems in your infrastructure. That means that the ability to easily onboard and manage systems is critical.

Agent-based architectures are detrimental to this goal in a few key ways: 

  • There is an inability to dynamically add systems with minimal delay and overhead. 
  • Resources are required to manage agents over time. 
  • There is higher development overhead. 

Conversely, agentless architectures do not have many of those issues. By going agentless, it becomes significantly easier to add and remove new systems, there is no resource conflict between infrastructure and agents, and you no longer have to be concerned with managing or updating agents on every single system in your infrastructure. 

The combination of agentless benefits ultimately means less overhead, less impact on efficiencies over time, and now you no longer need to worry about Agent++. 

Agent++ in the Wild: One company’s struggle with agents, upgrades, and access

One StrongDM customer in the software development space had this exact issue - the company was using a tool that required agents to be installed on every new system. But because the company was growing rapidly, managing the scale and complexity of the deployment quickly became overwhelming, with one team lead stating, “You’d think a company full of really good engineers could get the solution deployed quickly - but it turned out to really be a burden.”

The organization struggled to keep up with the agents as new systems were added, when new people would join with new machines, and also when it came time to upgrade. “Every time we upgrade, there’s a huge project just to upgrade everything at the same time. We end up having to limp along.” And that was only working with three infrastructure tools, much less delivering streamlined access across the entire environment. This burden drove the company to explore other access solutions, including StrongDM (which they ultimately chose).

Want to see how agentless access management can help your organization? Sign up for a free trial or demo of StrongDM and see. 🙂

About the Author

, Senior Marketing Director, has held marketing leadership roles for Silicon Valley technology companies specializing in database, data management, and data analytics solutions. As head of content marketing at Splunk, Dominic contributed to boosting the company’s market visibility and its growth from a $100M to a $1.3B company. He brings relentless creativity to the task of connecting people with technical products to improve their lives. Dominic holds a B.S. degree in Public Relations from the University of Texas at Austin. To contact Dominic, visit him on LinkedIn.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

5 Reasons to Level Up From Identity to Dynamic Access Management
5 Reasons to Level Up From Identity to Dynamic Access Management
Historically, finding an infrastructure access management solution that is secure while still being easy to use has been extremely difficult. Too often, ease of use and complexity end up at odds. StrongDM addresses this challenge–and does so by integrating with your existing identity-based security initiatives. This blog details how StrongDM enables organizations to level up their access management approach to meet the requirements of Dynamic Access Management (DAM), bolster security, and streamline operations.
StrongDM vs. CyberArk: Side-by-Side Comparison
StrongDM vs. CyberArk: Side-by-Side Comparison
Both StrongDM and Teleport are access control solutions designed to provide secure access to databases, servers, clusters, and web apps. While there are some similarities between the two solutions, there are also some key differences.
Unlocking Zero Trust: The Kipling Method for Policy Writing
Unlocking Zero Trust: The Kipling Method for Policy Writing
To embark on a successful Zero Trust journey, it's crucial to articulate and implement policies that align seamlessly with your business model. The Kipling Method serves as a guiding light in this endeavor. Let's delve into the six fundamental questions it poses.
Simplifying AWS Access with StrongDM Without Compromising Security Posture
Simplifying AWS Access with StrongDM Without Compromising Security Posture
Since Amazon Web Services first announced it in 2011, AWS IAM has evolved to become the gateway to the AWS Cloud. Organizations cannot interact with their cloud resources and its many services without it. Identity, not networking, is the real access boundary.
Feature Deep Dive: Access Workflows
Feature Deep Dive: Access Workflows
Standing Credentials. They’re a problem that seems to persist despite the latest security and access innovations. They’re also one of the main reasons that achieving zero trust is so hard–and enough of a problem that two strategic security initiatives have come to the forefront: Just-in-Time (JIT) access and Zero Standing Privileges (ZSP).