Why Secure Infrastructure Access Must Evolve: Insights from Teleport’s 2024 Survey

The Challenge of Modern Infrastructure Security

89% of organizations suffered at least one security incident in the past three years, according to The 2024 State of Secure Infrastructure Access, a new survey of 250 security and engineering leaders.

The rise of cloud computing, the surge of identity-based attacks, and increasing regulatory compliance concerns have forced companies to rethink how they handle security, productivity, and compliance. Over 74% of survey respondents indicated infrastructure access security today has grown increasingly challenging – with 14% noting an “extreme” increase in difficulty.

For all the challenges being reported, Teleport’s 2024 State of Secure Infrastructure Access also sheds new light into infrastructure access security victories. Results from the survey detail how infrastructure access security “Leaders” are experiencing significant benefits – including 90% lower annualized costs for managing security incidents and six-times fewer incidents over a three year period – compared to less mature infrastructure access “Novices.”

While modern, highly scalable, and ephemeral infrastructure has become the norm, not all organizations are keeping up with the technology needed to address its complexity. By examining these challenges and the distinctions between “Leaders” and “Novices,” this survey identifies infrastructure capabilities forward-thinking organizations should prioritize.

Why Secure Access Matters More Than Ever

Organizations are more aware than ever that securing access to computing infrastructure is essential. In fact, respondents to our survey ranked infrastructure access security as the top technology initiative — on par with digital transformation and improving customer experience. However, awareness doesn’t make the challenge any easier to overcome.

Three out of four respondents say that securing access to infrastructure is getting harder each year. Why? Because the modern environment is a perfect storm of complexity:

• Cloud Computing: Cloud's distributed nature has made securing access more difficult as the number of entry points increases.
• Identity Attacks: The rise of identity-based attacks, where distinguishing between legitimate users and malicious actors is a growing challenge, has exposed vulnerabilities in access control.
• Complex Infrastructure: Increasing complexity in systems means an exponential growth in potential vulnerabilities, making access management a puzzle with ever-changing pieces.
• Remote Work: Unsecured home networks and diverse endpoints have made securing access even more complicated.
• AI-Enhanced Threats: Malicious actors are using AI to craft more sophisticated, cheaper, and highly effective attacks.

This leaves organizations with a daunting responsibility: protect increasingly complex infrastructure in the face of proliferating access points, tightening compliance requirements, and increasingly sophisticated attacks.

The True Impact of Access Security on DevOps

One of the many challenges explored in this survey is the proliferation of credentials and secrets. Overall, 88% of survey respondents reported that the increase in credentials and secrets poses a significant challenge to implementing infrastructure access security – especially when securing from new cloud, edge, or IoT silos.

86% of the same respondents also included sustaining DevOps pipelines as a chief concern. Engineers and developers are under intense pressure to ship code quickly to meet business objectives. In these scenarios, security often falls by the wayside, leading to the use of shortcuts – such as hard-coding secrets into config files, or creating backdoor access paths to avoid clunky check-in/check-out procedures. These actions not only compromise security but also make it increasingly difficult for compliance teams to do their job.

But security and compliance doesn’t always have to negatively impact day-to-day engineering and development workflows. In fact, our survey found that over 72% of respondents reported faster software development, agility, and time-to-market as a result of infrastructure access security initiatives.

Compliance Complexity: The Job That Never Stops

As infrastructure has become more complex, the responsibilities of compliance teams seem next to impossible. Designing controls to cover the breadth of modern infrastructure is one challenge; proving adherence to those controls is another. When developers are spinning up new instances and pushing code around the clock, keeping access controls up-to-date, properly monitored, and audit-ready is a never-ending battle.

The results of this survey only further confirm this challenge; 86% of survey respondents listed regulatory compliance as one of the most important challenges. The proliferation of credentials, secrets, and access points has made it incredibly challenging to pass compliance audits, protect sensitive data, and ensure that systems are adequately secured.

The Time to Rethink Access at Scale is Now

The key takeaway from the 2024 State of Secure Infrastructure Access survey is clear: organizations can no longer afford to treat secure access as an isolated, IT-only problem.

Instead, it should be approached as a cross-functional issue that requires a new approach — one that aligns the needs of security, engineering, and compliance teams to ensure seamless, secure access without compromising productivity or increasing risk.

Teleport’s Advice: Look to the Leaders

The survey not only identifies infrastructure access challenges, but also highlights what the Leaders – our top-performing organizations – are doing to secure access effectively.

In the report, we found that Leaders are focusing on:

• Consolidating Identities: Reducing complexity by unifying identities across humans, endpoints, and machines, minimizing silos and improving policy management.
• Unifying Access Control: Providing engineers with a dynamic access dashboard to eliminate the need for remembering multiple access paths, thus improving security and productivity.
• Eliminating Standing Privileges: Shifting to ephemeral, cryptographic-based access, removing standing credentials like passwords and reducing the attack surface.
• Implementing Defense-in-Depth: Using layered identity verification, such as MFA for admin actions, to prevent breaches.
• Unifying Policy: Consolidating policies for all resources in one place, reducing misconfigurations and making it easier to adapt and respond to changes or incidents.

Secure Access Isn't Just Important: It's Urgent

Secure infrastructure access is not just a technical detail. It’s a strategic imperative that impacts your organization's ability to scale, innovate, and protect its reputation – and can even be a key competitive differentiator. Teleport’s 2024 State of Secure Infrastructure Access reveals both the challenges and the solutions to modern access, providing insights that organizations can act on today.

Ready to dive deeper into the findings and learn what it takes to be a secure infrastructure access leader? Get your copy of the complete report.