Least Privilege There are three core areas of focus when managing and controlling access: Authentication, Authorization and Accountability. We call it 3As.
  • Authentication is focused on verifying the identity of an individual and proving that someone is who they claim to be.
  • Authorization is controlling and managing what access an individual has.
  • Accountability is tracking and monitoring what a user account is doing, looking for and finding indications of a compromise.
The key component of authorization is least privilege: giving someone the least amount of access they need to do their job, and properly maintaining that access. The two big problems with least privilege are minimal access and expiration of access. Minimal Access When assigning or providing access, in many cases an admin is not sure whether or not someone needs access. In the past, if an admin was not sure if a user needed access, the default rule was to go ahead and provide the user with access. While this potentially minimized support desk calls and user frustration, it introduced considerable risk. If you provide additional access and it is not needed, no one ever notifies the help desk. Ultimately, providing access to a user beyond what he or she needs to perform his/her role leads to a massively increased attack surface that leaves organizations wide open to damage from hackers and insiders. However, if we have a paradigm shift and not provide access unless we are 100% sure of a user’s need, the system will stay in a secure state. Now, if the access is not provided and it is needed, the user can notify the help desk, get appropriate approval, and then get the access added. In light of many disastrous real world examples of privileged access gone wild, this is a much safer and smarter approach to managing access. If it is intelligently implemented, the initial user frustration and help desk calls can be mitigated with granular policies, versus broad strokes of privileged denials. Expiration of Access The second big problem with data access is expiration. In most organizations, once access is provided to a piece of information, it is never removed. This leads to what I call the sticky principle. Over the course of employment at an organization, as a user’s role and responsibilities change (or the technologies they need to access grow), more access is granted to the user. However, rarely is the previous access, when no longer relevant to a user’s role, removed. I have seen this in many organizations where someone who has worked for the company for 20 years in various different roles and, thus, has accumulated access to almost every piece of information and system. Thus, a best practice is to set expiration dates for access. Therefore, after a certain period of time, if the access is not renewed or extended, it will expire and proper access will be maintained on the system. This is analogous to the expiration of your password and requires a simple periodic reset. How BeyondTrust Can Help Eliminating excessive rights on user endpoints is a common starting point for many organizations to close avoidable security gaps, but legacy approaches to solving this problem are insufficient. Existing tools lack visibility into the security profile of applications targeted for elevation, and the risk-reducing effects of eliminating over-privileged users are negated if a vulnerable or exploited application is elevated for use. The traditional approach to solving these endpoint least privilege problems requires security and IT teams to cobble together point tools from multiple vendors resulting in unnecessary complexity and cost, and no visibility into user behavior throughout the enterprise. BeyondTrust solves this problem by: If you would like to learn more about how you can take these best practice recommendations and translate them into real use cases, download my white paper, It’s All About the Endpoint: Protecting and Enabling End Users with Least Privilege.