SSH.COM today announced the findings of a new survey, Re-Thinking Privileged Access Management in the Age of Hybrid Cloud, which reveal the risky behaviors that IT and application development professionals exhibit when organizations impose strict IT policies.
Polling 625 IT and application development professionals across the United States, United Kingdom, France, and Germany, the survey verified that hybrid IT is on the rise and shows no signs of slowing down. Fifty-six percent of respondents described their IT environment as hybrid cloud, an increase from 41 percent a year ago. On average, companies are actively using two cloud service vendors at a time.
While hybrid cloud offers a range of strategic benefits related to cost, performance, security, and productivity, it also introduces the challenge of managing more cloud access.
The survey found that cloud access solutions, including privileged access management software, slow down daily work for most respondents (71 percent). The biggest speed bumps were cited as configuring access (34 percent), repeatedly logging in and out (30 percent), and granting access to other users (29 percent).
These hurdles often drive users to seek risky workarounds, with more half (52 percent) of respondents claiming they would “definitely” or at least “consider” bypassing secure access controls if they were under pressure to meet a deadline. The majority of respondents (85 percent) also share account credentials with others out of convenience, even though most (70 percent) understand the risks of doing so. These risks are further exacerbated when considering that more than half (60 percent) of respondents use unsecure methods to store their credentials and passwords, including in email, in non-encrypted files or folders, and on paper.
“As businesses grow their cloud environments, secure access to the cloud will continue be paramount. But when access controls lead to a productivity trade-off, as this research has shown, IT admins and developers are likely to bypass security entirely, opening the organization up to even greater cyber risk,” said Jussi Mononen, chief commercial officer at SSH.COM. “For privileged access management to be effective, it needs to be fast and convenient, without adding operational obstacles. It needs to be effortless.”
In addition to exposing the risky behaviors of many IT and application development professionals when accessing the cloud, SSH.COM’s survey also revealed some unwitting security gaps in organizations’ access management policies. For example, more than 40 percent of respondents use public Internet networks – inherently less secure than private networks – to access internal IT resources. Third-party access was also found to be a risk point, with nearly a third (29 percent) of respondents stating that outside contractors are given permanent access credentials to the business’ IT environment. Permanent credentials are fundamentally risky as they provide widespread access beyond the task at hand, and can be forgotten, stolen, mismanaged, misconfigured, or lost.
Mononen continued, “When it comes to access management, simpler is safer. Methods like single sign-on can streamline the user experience significantly, by creating fewer logins and fewer entry points that reduce the forming of bad IT habits. There is also power in eliminating permanent access credentials entirely, using ephemeral certificates that unlock temporary ‘just-in-time’ access to IT resources, only for the time needed before access automatically expires. Ultimately, reducing the capacity for human error comes down to designing security solutions that put the user first and cut out unnecessary complexity.”
Download the full report here.
SSH.COM helps organizations access, secure and control their digital core – their critical data, applications and services. We have over 3,000 customers around the world, including 40 percent of Fortune 500 companies, many of the world’s largest financial institutions, and major organizations in all verticals. We are committed to helping our customers thrive in the cloud era with solutions that offer secure access with zero inertia, zero friction and zero credentials risk. SSH.COM sells online; through offices in North America, Europe and Asia; and through a global network of certified partners. The company’s shares (SSH1V) are quoted on the NASDAQ Helsinki. For more information, visit www.ssh.com.