"Access Management Issues May Create Security Holes"

According to a study by the security vendor strongDM that polled 600 IT, security, and DevOps workers, access restrictions meant to secure corporate systems may have the adverse effect of causing employees to find workarounds and share credentials with co-workers, thus creating potential security vulnerabilities. The study found that in many cases, users will find alternative methods for accessing their containers, cloud services, and other important tools when they do not have access via the managed company channels. The problem stems from a natural conflict related to the pressure that employees face when trying to meet deadlines. While executives and managers press IT administrators to update network services to the most recent versions and to implement secure and well-maintained access protocols, end-users, particularly developers and DevOps teams who rely on stored code and containers, require access to those resources. The survey discovered that end-users need about 15 minutes of access per day to get the data they need for work. Meanwhile, nearly 39 percent of administrators polled said that simply connecting new tools to their existing access management systems takes several days. While new systems are being integrated with access management controls, end-users will still need to meet deadlines and complete projects, meaning they will likely operate outside the management controls. These workarounds could include directly accessing the cloud service or system using their personal credentials or even a shared login. Of those polled, 55 percent said they had seen their teams maintain a backdoor access method, while 53 percent said they shared credentials to important services. This is where major security risks emerge as these credentials are then vulnerable to hackers through account theft, malware, or other common methods. This article continues to discuss key findings from strongDM's study regarding how access management issues can create security vulnerabilities. 

TechTarget reports "Access Management Issues May Create Security Holes"