Standing privileges are the default model for user management in most enterprises. Traditional Privileged Access Management (PAM) tooling assumes a set of users holding a permanent set of roles and access permissions. Left uncontrolled, those roles tend to accumulate over a user's time in the organisation, producing super users who hold highly privileged accounts even though their day-to-day work does not require admin access. As organisations move towards the principle of least privilege, removing unused roles is only the first step. A common illustration of the problem is the on-call server administrator who needs elevated access perhaps twice a month but, in the traditional model, holds it for the entire lifetime of the account. To an adversary, that account is a high-value target.
Gartner coined the term Zero Standing Privileges (ZSP) to describe the target state for an organisation's PAM. Simply put, no permanent privileges are assigned to a user account. In practice this concerns high-level privileges: the aim is to enable such roles only when the user needs them to complete a piece of work. The key difference is that it severely limits what an attacker can do if they compromise the account, because for most of its lifetime the account holds no elevated rights at all.
Once ZSP controls are in place, the question becomes how to let users do their work without drifting back into standing privileges. The answer is Just in Time (JIT) privileges. A simple JIT flow: a user who needs admin privileges requests the role and must supply a justification before it is assigned automatically, subject to a pre-defined time limit. For roles deemed more sensitive, such as administrator roles in production or roles that grant access to protected data, this can carry an extra step: an external approver must sign off, or only a small subset of users is eligible to request the role at all. When the task is complete, the privileged role assignment is revoked until it is needed again. The resulting request history is also useful input for reporting on how and when particular privileges are used, which in turn drives further tightening towards least privilege. Within a mature operational service platform this adds logging and monitoring of change activity. In a Microsoft 365 or Azure environment the JIT principle is available natively through Privileged Identity Management (PIM), which can be configured to strike a balance between locking roles down and giving user accounts the access they need to do their jobs.
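The following is an added example, not code from the original article or from any PAM product, showing the JIT flow just described as a small policy broker: a request needs a justification, the grant is time-boxed and capped by policy, sensitive roles require a second person to approve and are restricted to an eligible set, and every grant expires and is revoked automatically so no standing privilege remains. The role names, durations, user names and the `JitBroker` class are all hypothetical.

```python
"""Minimal just-in-time (JIT) privilege broker (constructed example).

Role names, durations and user names are hypothetical; this is not a real
PAM product's API, only the control logic a JIT workflow has to enforce.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class RolePolicy:
    max_duration: timedelta            # hard cap on a single activation
    requires_approval: bool = False    # sensitive roles need a second person
    eligible: frozenset = frozenset()  # empty = any user may request


# Hypothetical policy table: the on-call ServerAdmin role auto-approves for a
# short window; ProdAdmin needs an approver and only named users may request it.
POLICIES = {
    "ServerAdmin": RolePolicy(max_duration=timedelta(hours=2)),
    "ProdAdmin": RolePolicy(max_duration=timedelta(hours=1),
                            requires_approval=True,
                            eligible=frozenset({"alice", "bob"})),
}


@dataclass
class Grant:
    user: str
    role: str
    duration: timedelta
    expires_at: datetime
    approved_by: str = ""


class JitBroker:
    """Holds only time-bound grants, so there are no standing privileges."""

    def __init__(self, policies, clock=lambda: datetime.now(timezone.utc)):
        self.policies = policies
        self.clock = clock      # injectable clock so expiry can be exercised
        self.pending = {}       # (user, role) -> Grant awaiting approval
        self.active = {}        # (user, role) -> Grant currently in force
        self.audit = []         # append-only event log for later reporting

    def _log(self, event, **fields):
        self.audit.append({"time": self.clock().isoformat(), "event": event, **fields})

    def request(self, user, role, justification, duration):
        """Request a role; returns 'active' or 'pending' (awaiting approval)."""
        policy = self.policies.get(role)
        if policy is None:
            raise ValueError(f"unknown role {role}")
        if not justification.strip():
            raise ValueError("justification is required")
        if policy.eligible and user not in policy.eligible:
            raise PermissionError(f"{user} is not eligible for {role}")
        duration = min(duration, policy.max_duration)   # never exceed the cap
        grant = Grant(user, role, duration, self.clock() + duration)
        self._log("request", user=user, role=role, justification=justification,
                  duration=str(duration))
        if policy.requires_approval:
            self.pending[(user, role)] = grant
            return "pending"
        self.active[(user, role)] = grant
        self._log("activate", user=user, role=role, expires=grant.expires_at.isoformat())
        return "active"

    def approve(self, approver, user, role):
        """Second-person approval; the time window starts at approval time."""
        if approver == user:
            raise PermissionError("self-approval is not allowed")
        grant = self.pending.pop((user, role))
        grant.expires_at = self.clock() + grant.duration
        grant.approved_by = approver
        self.active[(user, role)] = grant
        self._log("approve", user=user, role=role, approver=approver,
                  expires=grant.expires_at.isoformat())

    def expire(self):
        """Revoke every grant whose window has closed."""
        now = self.clock()
        for key, grant in list(self.active.items()):
            if grant.expires_at <= now:
                del self.active[key]
                self._log("revoke", user=grant.user, role=grant.role, reason="expired")

    def has_role(self, user, role):
        """Authorisation check used by the resource; expiry is applied first."""
        self.expire()
        return (user, role) in self.active


if __name__ == "__main__":
    broker = JitBroker(POLICIES)
    print(broker.request("carol", "ServerAdmin", "INC-1234 disk full", timedelta(hours=8)))
    for entry in broker.audit:
        print(entry)
```

Two design choices matter here: `has_role` calls `expire` before answering, so a grant that has lapsed is never honoured even if the revocation job has not run yet, and the approval path restarts the clock at approval time rather than request time, so a request that sat in a queue for an hour does not yield a window that is already half used (or already expired).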
As companies grow both their user base and their cloud-based architecture, the associated role privileges tend to grow with them. Meanwhile, traditional standing privileges create high-value targets: users who permanently hold privileges needed for only a small fraction of their duties. The move to cloud makes ephemeral privilege management practical. By implementing ZSP with a JIT procedure, the risk from lateral movement following an account compromise is substantially reduced, shrinking the blast radius while still providing the roles the organisation's users need.
If you would like any more info on how Net Reply can help you with Privilege Management, please contact Jonathan Jenkins.