Couchbase announced a broad range of enhancements to its Database-as-a-Service Couchbase Capella™.
DevOps teams are dealing with more complex issues than ever before — but do you ever feel like you're spending too much time bogged down with the mundane details of infrastructure access?
When DevOps professionals can't get easy, secure access to the systems and platforms that they need to do their jobs, the entire organization's productivity suffers.
Good news: you're not alone. A recent survey found that most organizations are struggling with these same problems — and infrastructure access is becoming a new strategic priority.
strongDM recently commissioned a survey of 600 DevOps professionals, called 2022: The Year of Access. The survey respondents told us that in the next 12 months, 80% of organizations are looking to address access management as a strategic initiative.
Let's take a closer look at the landscape of access management and see why this topic has become top-of-mind for DevOps leaders as they look to stay agile and keep delivering high-quality code as efficiently as possible.
Access Management Is More Complicated Than Ever Before
Legacy access management presents several complex challenges. Many organizations are combining legacy approaches with new technologies in a way that causes confusion or duplicated effort. Some are still using manual processes or requiring multiple approvals in a way that runs counter to operational efficiencies.
The survey found a few troubling trends that illustrate why access management has become so complicated:
■ 93% of organizations' technical staff have access to sensitive infrastructure
■ 60% of respondents have access challenges with cloud providers
■ 57% have access challenges with databases, data centers, and servers
Access management has become more time-consuming, especially for fast-growing organizations. 41% of survey respondents said that gathering evidence for compliance is a top challenge. 88% of organizations require two or more employees to review and approve access requests, which might require days or weeks to fulfill.
Other big challenges identified by the survey of DevOps professionals include: time required to request and grant access (mentioned by 52% of respondents), and the task of assigning, rotating, and tracking credentials (51%).
Less Than Best Practices for Access Management? Hello Security Risk
The complexity and time-consuming effort of access management is leading some teams to take shortcuts in a way that might compromise their organization's security. Unfortunately, the survey found that many organizations are using unsecure practices for access management:
■ 65% of organizations use shared logins
■ 42% use shared SSH keys
At the other extreme, some organizations are requiring lengthy processes to grant access, which can hinder workforce productivity. 53% of organizations take hours to weeks before infrastructure access can be granted; 88% of organizations require 2 or more people to grant and approve access, and 25% require 4 or more people to approve.
Best Practices for the Future of Access Management
As organizations adopt more advanced systems like Kubernetes, embrace security initiatives like Zero Trust, and grow the size of their teams, they're going to need a better approach to access management.
As modern infrastructure becomes more complicated, access management needs to be safer and simpler, in a way that works for the entire team, including:
■ Simplified access with one control plane
■ Reduction of provisioning time while maintaining SOC 2-compliant auditing
■ One credential per person
■ Visibility and automatic logging of every single backend activity
Today's DevOps teams demand better ways of managing access to infrastructure. With the right approach, it's possible for organizations to maintain a high level of security while simplifying their team's access for more operational efficiencies across the stack as well as protect your systems and drive results for all of your other strategic goals.
Industry News
Remote.It release of Docker Network Jumpbox to enable zero trust container access for Remote.It users.
Platformatic launched a suite of new enterprise-grade products that can be self-hosted on-prem, in a private cloud, or on Platformatic’s managed cloud service:
Parasoft announced the release of C/C++test 2023.1 with complete support of MISRA C 2023 and MISRA C 2012 with Amendment 4.
Rezilion announced the release of its new Smart Fix feature in the Rezilion platform, which offers critical guidance so users can understand the most strategic, not just the most recent, upgrade to fix vulnerable components.
Zesty has partnered with skyPurple Cloud, the public cloud operations specialists for enterprises.
With Zesty, skyPurple Cloud's customers have already reduced their average monthly EC2 Linux On-Demand costs by 44% on AWS.
Red Hat announced Red Hat Trusted Software Supply Chain, a solution that enhances resilience to software supply chain vulnerabilities.
Mirantis announced Lens Control Center, to enable large businesses to centrally manage Lens Pro deployments by standardizing configurations, consolidating billing, and enabling control over outbound network connections for greater security.
Red Hat announced new capabilities for Red Hat OpenShift AI.
Pipedrive announced the launch of Developer Hub, a centralized online app development platform for technology partners and developers.
Delinea announced the latest version of Cloud Suite, part of its Server PAM solution, which provides privileged access to and authorization for servers.
Red Hat announced Red Hat Service Interconnect, simplifying application connectivity and security across platforms, clusters and clouds.
Teleport announced Teleport 13, the latest version of its Teleport Access Platform to enhance security and reduce operational overhead for DevOps teams responsible for securing cloud infrastructure.
Kasten by Veeam announced the release of its new Kasten K10 V6.0 Kubernetes data protection platform.
Red Hat announced Red Hat Developer Hub, an enterprise-grade, unified and open portal designed to streamline the development process through a supported and opinionated framework.