<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">
LAUNCH WEEK 🚀 Enable continuous, contextual + granular authorization. Learn more.

When Old-School Isn't Cool: Sluggish and Untenable Access

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

In DevOps environments, fast and steady wins the race. So when developers struggle to gain timely access to the systems they need, it’s clear that something isn’t working. And these challenges extend beyond DevOps to include users in both technical (e.g. data science, engineering) and non-technical roles (e.g. HR, finance). Old-school access policies make it harder for users of all types to connect to the databases and other infrastructure they require to do their jobs. 

Waiting For Access

Stop me if you’ve heard this one. Q: How many requests does it take to gain access to critical systems? A: Far too many.*

The combination of legacy approaches, cloud services, and rapidly-growing businesses that contribute to modern computing environments is making it harder and harder to grant users the access they need when they need it. In fact, in our recent survey, 88% of respondents said two or more employees are involved in approving and granting an access request. More than one in five organizations require four or more people to be involved.

And, no surprise–jumping through all those hoops takes time. At 50% of organizations, the average access request takes hours, days, or weeks to fulfill. If one of the main tenets of DevOps is agility, then it’s clear these workflows are fundamentally broken.

Those Workarounds Aren’t Working

Broken workflows motivate admins and users to find access workarounds such as over- and underprovisioning, password sharing, and using static credentials. And while unsanctioned attempts to sidestep old-school security measures may ease bottlenecks and speed up production, they often lead to real-world consequences.  

This article is quite eye-opening. It presents a typical day at a hospital, with healthcare professionals sharing logins, taping passwords to their devices, and even requiring “the most junior person on a medical team … to keep pressing the space bar on everyone’s keyboard to prevent [session] timeouts.” But you can’t fault the users. Although their behaviors can put patients at serious risk, so do the outdated protocols the doctors and nurses are trying to circumvent.

Outside of the healthcare industry, problems are just as prevalent. In our recent survey, 42% percent of DevOps professionals report the use of shared SSH keys, and 65% manage infrastructure access with team or shared logins.

Old Methods Don’t Scale and Are Non-compliant

Sluggish access is more than an inconvenience. The workarounds people take to ease friction can lead to security gaps and compliance problems, plus a lot of pain for users and admins alike. 

Spreadsheets and sticky notes may work well enough in the early days of an organization, but these methods certainly don’t scale. And they make implementing new security initiatives, such as Zero Trust, nearly impossible.

Furthermore, stopgap measures such as credential sharing make evidence gathering for compliance extremely difficult, as nobody really knows who has access or who was in your systems at any given time. Keeping a trail of who-did-what-when is essential to modern access control. Failing to do so may explicitly violate regulatory requirements, and even when they don’t, observability is just good security hygiene.

Want to learn more about how your peers are managing access to their infrastructure? Check out the full report, 2022: The Year of Access. Then schedule a free demo of StrongDM to see how you can upgrade your access management today.


About the Author

, Contributing Writer and Illustrator, has a passion for helping people bring their ideas to life through web and book illustration, writing, and animation. In recent years, her work has focused on researching the context and differentiation of technical products and relaying that understanding through appealing and vibrant language and images. She holds a B.A. in Philosophy from the University of California, Berkeley. To contact Maile, visit her on LinkedIn.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

Joiners, Movers, and Leavers (JML) Process (How to Secure It)
Joiners, Movers, and Leavers (JML) Process (How to Secure It)
People come, and people go, and while digital identities should cease to exist after a departure, many times, this doesn’t happen. At any given time, organizations can have thousands of user identities to manage and track, so when processes aren’t automated, it’s easy for many identities to fall through the cracks. This phenomenon is called Identity Lifecycle Management, and when it comes to access and security, it’s worth the time to get it right.
Reduce Security Risk with StrongDM Device Trust
Reduce Security Risk with StrongDM Device Trust
We are thrilled to announce a new feature to our StrongDM® Dynamic Access Management (DAM) platform: Device Trust. This feature amplifies your organization's security posture by employing device posture data from endpoint security leaders CrowdStrike or SentinelOne.
How to Meet NYDFS Section 500.7 Amendment Requirements
How to Meet NYDFS Section 500.7 Amendment Requirements
The New York Department of Financial Services (“NYDFS”) Cybersecurity Regulation is a set of comprehensive cybersecurity requirements that apply to financial institutions operating in New York. The goal of the regulation is to ensure that the cybersecurity programs of financial institutions have robust safeguards in place to protect customer data and the financial sector.
AWS Well-Architected Framework Security Best Practices
AWS Well-Architected Framework Security Best Practices
The AWS Well-Architected Framework has been a staple for many years for AWS practitioners of all sorts, including cloud architects and platform engineers. It’s a blueprint for architectural and design best practices that will lay the foundation for resilience, operational efficiency, and security on the AWS Cloud.
Fine-Grained vs. Coarse-Grained Access Control Explained
Fine-Grained vs. Coarse-Grained Access Control Explained
If credentials fall into the wrong hands, intruders may enter a network and launch a disastrous attack. In fact, 46% of cybersecurity incidents involve authentication credentials, according to the Verizon 2022 Data Breach Investigations Report. Organizations have two general ways to determine someone’s access rights once past initial authentication: Coarse-grained access control (CGAC), which relies on a single factor, and fine-grained access control (FGAC), which relies on multiple factors. Traditionally, CGAC has been the easier option, while FGAC offers superior security at the cost of more complex implementation.