OAKLAND, Calif., Nov. 9, 2022 /PRNewswire/ — Teleport, the leader in identity-native infrastructure access, today revealed its second annual State of Infrastructure Access and Security Report (PDF). The research seeks to uncover the specific challenges facing DevOps, security engineering and other security professionals. The survey found access built on secrets continues to represent the status quo, as 80% of respondents are still using passwords as a top security method. Concerningly, less than a quarter (24%) of respondents are fully confident that ex-employees no longer have access to company infrastructure.
The report offers a representative sample of the common beliefs and observations shared by industry professionals, as well as the actions they take to keep their organizations safe. Key findings include:
- Infrastructure is becoming more complex — with no signs of slowing down: Organizations use on average 5.7 different tools to manage access policy, making it complicated and time-consuming to completely shut off access.
- Even the best-laid plans fall victim to complexity or apathy: More than half (57%) of respondents said their organization has implemented new security methods that failed to be adopted by employees.
- Security spending is on the rise: Even amid the ongoing inflation crisis, 85% of respondents say their security spending increased within the last 12 months.
"The 2022 Infrastructure Access and Security Report definitively shows that DevOps, security engineering and other security professionals understand the challenges they face, as well as the most effective tools for securing their infrastructure," said Ev Kontsevoy, CEO of Teleport. "But while the vision is clear, execution continues to lag behind."
Infrastructure is only becoming more complex
One year ago, the 2021 State of Infrastructure Access and Security Report highlighted the incredible complexity of technology architectures. While 77% of respondents said that moving to passwordless access was Important or Very Important, this year's survey reveals that number of respondents using passwords to grant access to infrastructure increased by 10% year over year, from 70% in 2021 to 80% in 2022.
When asked how confident they were that employees who leave the company can no longer use secrets to access company infrastructure, less than a quarter of respondents reported being 100% confident that the access had been revoked. Strikingly, nearly half of organizations are less than 50% confident that former employees no longer have access to infrastructure. This lack of confidence is trending in the wrong direction: the share of respondents with less than 50% confidence increased by 55% year over year.
The report found that respondents recognize the need to move toward passwordless access, and the share of those who view this shift as important increased over the last 12 months. Compared with 77% in 2021, 87% of respondents to this year's survey said moving towards a passwordless infrastructure is important or very important. This priority is reflected in company initiatives: 77% of respondents have an active initiative to move towards passwordless access; and 78% of respondents have an active initiative to move to biometric authentication, the most effective tool for establishing human identity for secure access.
While adoption of biometric authentication is promising — more than half (55%) of respondents already use biometrics in their systems — there are still significant barriers to widespread adoption. Notably, 62% of respondents cited privacy concerns as a leading challenge when replacing passwords with biometric authentication, while 55% pointed to a lack of devices capable of biometric authentication.
"With architectures growing in complexity, coupled with the rising number of threats and bad actors, DevOps and security engineering leaders cannot afford to delay any longer in turning their plans into actions," said Kontsevoy. "Secretless, identity-based infrastructure access is the only way forward."Methodology
The 2022 Infrastructure Access and Security Report survey was based on a representative sample of DevOps, Security Engineering, and other security professionals with knowledge about how their company manages access to infrastructure. A total of 500 respondents completed the survey, which was conducted by Schlesinger Group, an independent research company.
The Teleport Infrastructure Access and Security report is available today and can be found here (PDF).
Teleport is the first identity-native infrastructure access platform for engineers and machines. By replacing insecure secrets with true identity, Teleport delivers phishing-proof zero trust for every engineer and service connected to your global infrastructure. The open source Teleport Access Platform provides a frictionless developer experience and a single source of truth for infrastructure access. Teleport is used by leading companies including Elastic, Samsung, NASDAQ, and IBM. The company is backed by Bessemer Venture Partners, Insight Partners and Kleiner Perkins. Headquartered in Oakland, California, the company embraces a remote-first work culture. For more information, please visit goteleport.com.