Access restrictions that are meant to keep corporate systems secure may have the adverse effect of causing employees to find workarounds and share credentials with co-workers, creating potential security vulnerabilities.
That’s according to a study from security vendor strongDM, which recently polled 600 IT, security and DevOps workers and found that in many cases, users find alternative methods to access their containers, cloud services, and other essential tools when they don’t have access through the managed company channels.
The problem, according to StrongDM, whose software provides technical staff with direct access to infrastructure, arises from a natural conflict between the pressure that employees face to make deadlines and the demand for newer, better-maintained systems and services.
While executives and managers press IT admins to update to the latest and greatest versions of their network services, as well as implement secure and well-maintained access protocols, end users, particularly developers and DevOps teams who rely on stored code and containers, need to access those resources.
The survey found that, on average, end users require about 15 minutes of access per day to get the data they require for work. Meanwhile, around 39% of the admins polled said that simply getting new tools linked up with their existing access management systems takes multiple days to accomplish.
While new systems are being integrated with access management controls, end users will still have deadlines to meet and projects to accomplish. This means that they go outside of the management controls.
“Technical employees tend to be problem solvers by definition,” the report noted. “If they cannot get access to the tools or solutions they need to meet a deadline or complete a project, it’s no surprise when they come up with workarounds in order to solve the problem.”
Those workarounds could include things like directly accessing the cloud service or system using their personal credentials or even a shared login; 55% of those surveyed said they have seen their teams maintain a backdoor access method, while 53% said they shared credentials to important services.
This is where the major security threat arises. Those credentials then become vulnerable to hackers via account theft, malware, or other common tricks.
Stolen credentials accounted for nearly 50% of attacks in 2021 and were present in third-party breaches, phishing attacks, basic web application attacks and system intrusions, according to the Verizon 2022 Data Breach Investigations Report.
Hackers could easily use compromised accounts to move laterally over the network and accomplish complete takeovers and data theft. This is particularly dangerous for developers and DevOps teams as it further creates the potential for supply chain attacks against other enterprises and networks.
“Backdoors get created when teams get frustrated with delays and roadblocks. If they run into too many blockers on one project, when the next project is kicked off they may create the backdoors to avoid slowdowns, bypassing proper protocols for managing access,” strongDM co-founder and CTO Justin McCarthy told SearchSecurity.
“On the flip side, sometimes the backdoors and shared credentials happen early in the development cycles because the team is moving fast and open access is easier than implementing proper controls,” he added.
There are many identity and access management products on the market that aim to address the balance of security and employee access, from vendors including CyberArk, Microsoft, and IBM, as well as a number of smaller vendors.