Zero Standing Privileges (ZSP) refers to an IT environment in which no persistent, always-on privileged access rights are provisioned to any identity or account, whether human or machine. Reaching it means eliminating every standing privilege. ZSP is the desired end state of a just-in-time (JIT) privileged access management (PAM) model and is essential to achieving true least privilege.
Continuous authentication, least privilege, and the elimination of default, always-on (24/7) access are also core objectives of zero trust architectures and strategies. Like zero trust, ZSP requires that no administrative or other authorized access is granted on the basis of predefined trust conditions. This removes the over-privileged administrators who hold full access to, and therefore control over, the network. Instead, privileges are granted for a single purpose and for as brief a period as possible. The intent is to shrink the attack surface, and in particular the windows of time during which privileges can be abused.
Read on for an overview of zero standing privileges and JIT PAM, the risks of standing privileges, the cybersecurity benefits of a ZSP environment, and how to achieve zero standing privileges.
Standing privileges are user privileges that remain enabled indefinitely, regardless of context. Users with standing privileges hold privileged access rights continuously, whether or not privileged access is needed at that moment, or ever.
For example, roles that work daily within business-critical IT and security systems generally carry high levels of privilege. Traditionally these roles were expected to reach sensitive environments at a moment's notice, which was taken to justify standing privileges.
However, this provisioning model conflicts with the guiding principles of zero trust and least privilege. Modern security practice dictates that an identity should have access to a specific resource only for the precise moments it needs that access to complete a task. In today's threat landscape, standing privileges are a major attack vector.
Standing privileged access and privileged credentials are implicated in almost every cybersecurity breach today. Elevated privileges are often needed for malware to install itself or disable defenses, and once an attacker is inside the environment, privileges are what allow lateral movement across the network. Privilege escalation is a further technique attackers use to gain higher levels of access as they work to steal or encrypt data, or simply to cause damage.
The more accounts that hold unchecked privileges, and the longer those privileges persist, the more attack paths exist on the network. Because accounts with standing privileges are always privileged, they are a continuous exposure: when such a user is compromised, the attacker inherits their privileges immediately, with no request, approval, or time limit in the way.
Unfortunately, privileges can be difficult to track because of shadow IT, legacy user groupings, and resistance from operational and business users. Older applications or cloud deployments, for example, may have required unrestricted privileges during implementation that were never scaled back. Standing privileges are also commonly found in operations-oriented user groups.
Users with standing privileges are also more likely to hold privileged access to multiple resources at once. Administrative accounts, for example, are often given sweeping privileges up front as a standard onboarding procedure, so that later support workflows are not impeded. Attackers know this and are eager to target users in these roles.
Standing privileges for vendor accounts are another common and risky practice. Many organizations lack visibility into the security hygiene of their vendors, and may not even know how many individuals share a single vendor account. With many organizations granting access to dozens, if not hundreds, of vendors, standing privileged access for them presents a high risk.
Just-in-time (JIT) privileged access management (PAM) grants privileged access in real time, on request, governed by entitlements, an approval workflow, and access policies. Organizations use it to protect privileged accounts from the weaknesses of continuous, always-on access. JIT enforces time-based restrictions informed by behavioral and contextual parameters: privileges should come into existence only at the moment they are needed for a legitimate purpose, and should expire promptly once that purpose has been served, the access context has changed, or a pre-defined duration has elapsed.
With JIT access, the "privilege-active" window of opportunity shrinks to a few moments spread over a long period. Standing privileges, by contrast, are granted indefinitely, leaving that window permanently open.
In a just-in-time model, admin privileged access is reduced from 24/7 (standing access) to only the instances in which it is needed. For instance, while an admin in an environment with standing privileges has admin access up to 168 hours a week (7 days x 24 hours), an admin in a JIT environment may hold privileged access for 3 hours a week, or 1 hour, or even just 5 minutes, depending on their role and needs. Multiplied across all of your admins, this substantially shrinks the windows during which privileges are exposed to abuse, and dramatically improves the organization's security posture.
When zero standing privileges are achieved, all admin access is restricted to the minimum time needed. A realized ZSP strategy is therefore the best possible outcome of a JIT approach to privilege management.
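The following is an added example, not code from the original article or from any PAM product. It models the JIT behaviour described in the paragraphs above as a small broker: an elevation exists only from the moment a policy-approved request is made until a time-to-live lapses, the requester's context changes, or the task is reported complete, and the "privilege-active" hours for one admin over a week are computed against the 168-hour standing baseline. The policy table, role names, accounts, IP addresses and contexts are all invented for illustration.

```python
"""Toy just-in-time (JIT) privilege broker (added example; hypothetical policy and data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Context:
    """Attributes checked at issue time and on each use of the privilege."""
    device_compliant: bool
    source_ip: str
    mfa_age: timedelta  # time since the last strong authentication


@dataclass
class Grant:
    account: str
    role: str
    purpose: str
    issued_at: datetime
    expires_at: datetime
    bound_ip: str  # the grant is bound to the IP it was requested from
    revoked_at: Optional[datetime] = None

    def is_active(self, now: datetime) -> bool:
        return self.revoked_at is None and self.issued_at <= now < self.expires_at


class JitBroker:
    # Hypothetical policy: roles eligible for elevation and the longest TTL each may carry.
    POLICY = {"db-admin": timedelta(hours=1), "linux-root": timedelta(minutes=30)}
    MAX_MFA_AGE = timedelta(minutes=10)

    def __init__(self) -> None:
        self.grants: list[Grant] = []
        self.audit: list[str] = []  # every grant and revocation leaves a record

    def request(self, account: str, role: str, purpose: str, ctx: Context,
                now: datetime, ttl: Optional[timedelta] = None) -> Grant:
        """Issue a time-bound grant, or refuse when policy or context disallow it."""
        if role not in self.POLICY:
            raise PermissionError(f"{role} is not eligible for JIT elevation")
        if not ctx.device_compliant or ctx.mfa_age > self.MAX_MFA_AGE:
            raise PermissionError("request context does not satisfy elevation policy")
        cap = self.POLICY[role]
        ttl = cap if ttl is None else min(ttl, cap)  # a request can never exceed the policy cap
        grant = Grant(account, role, purpose, now, now + ttl, ctx.source_ip)
        self.grants.append(grant)
        self.audit.append(f"{now.isoformat()} GRANT {account} {role} ttl={ttl} purpose={purpose!r}")
        return grant

    def check(self, account: str, role: str, ctx: Context, now: datetime) -> bool:
        """Authorize one privileged action; context drift revokes the grant on the spot."""
        for grant in self.grants:
            if grant.account == account and grant.role == role and grant.is_active(now):
                if not ctx.device_compliant or ctx.source_ip != grant.bound_ip:
                    self.revoke(grant, now, "context changed")
                    return False
                return True
        return False  # no live grant: the identity holds no privilege right now

    def revoke(self, grant: Grant, now: datetime, reason: str) -> None:
        if grant.revoked_at is None:
            grant.revoked_at = now
            self.audit.append(f"{now.isoformat()} REVOKE {grant.account} {grant.role} reason={reason!r}")

    def complete(self, grant: Grant, now: datetime) -> None:
        """The requester reports the task done, so the privilege ends early."""
        self.revoke(grant, now, "task complete")


def privileged_hours(grants: list[Grant], start: datetime, end: datetime) -> float:
    """Grant-hours inside [start, end): how long privilege actually existed."""
    total = timedelta()
    for g in grants:
        g_end = g.revoked_at if g.revoked_at is not None else g.expires_at
        lo, hi = max(g.issued_at, start), min(g_end, end)
        if hi > lo:
            total += hi - lo
    return total.total_seconds() / 3600


def weekly_exposure() -> tuple[float, float]:
    """Standing (24/7) hours versus JIT grant-hours for one admin over one constructed week."""
    week_start = datetime(2024, 1, 1)
    week_end = week_start + timedelta(days=7)
    broker = JitBroker()
    ctx = Context(device_compliant=True, source_ip="10.0.0.5", mfa_age=timedelta(minutes=2))
    # Monday 09:00: db-admin for one hour, task finished after 40 minutes.
    g1 = broker.request("alice", "db-admin", "rotate replica credentials", ctx, week_start + timedelta(hours=9))
    broker.complete(g1, week_start + timedelta(hours=9, minutes=40))
    # Wednesday 14:00: root requested for 4 hours, clamped to the 30-minute cap and left to expire.
    broker.request("alice", "linux-root", "patch web-01", ctx,
                   week_start + timedelta(days=2, hours=14), ttl=timedelta(hours=4))
    # Friday 11:00: db-admin again; ten minutes in, the session appears from a new IP and is revoked.
    broker.request("alice", "db-admin", "rebuild index", ctx, week_start + timedelta(days=4, hours=11))
    moved = Context(device_compliant=True, source_ip="198.51.100.7", mfa_age=timedelta(minutes=1))
    broker.check("alice", "db-admin", moved, week_start + timedelta(days=4, hours=11, minutes=10))
    standing = (week_end - week_start).total_seconds() / 3600
    return standing, privileged_hours(broker.grants, week_start, week_end)
```

Running `weekly_exposure()` gives 168 standing hours against 1.33 JIT grant-hours (40 + 30 + 10 minutes) for the constructed week. The design points worth noting are that the broker, not the requester, decides the TTL by clamping to a per-role cap, that every use of the privilege is re-checked against the context it was issued under, and that early completion shortens the window further; a production broker would additionally persist the audit records and integrate with the approval workflow the article mentions.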
For a deeper dive into how just-in-time access works and can be effectively implemented, check out The Guide to Just-In-Time Privileged Access Management.
Here are three important benefits of eliminating standing privileges across the IT environment:
Reducing or eliminating standing privileges is underway in most modern security architectures, especially those built on zero trust. In the early stages of a ZSP strategy, supplying privileges as needed could be as simple as creating an account when it is required and deleting it afterwards. The goal of a mature Zero Standing Privilege strategy, however, is to provision privileges for the precise moments they are needed, and nothing more.
Removing standing privileges and moving toward a zero trust state requires a privileged access management solution. Some PAM solutions have weak capabilities for context-based, just-in-time access control, while others offer many options for automating JIT workflows. Those workflows are policy-driven: access is granted when defined criteria are met and revoked the moment it is no longer required or no longer considered safe.
The first step toward eliminating standing privileges is to identify and onboard every privileged account. A modern PAM solution can do this, and should include capabilities such as cloud infrastructure entitlement management (CIEM) and identity threat detection and response (ITDR) for privilege discovery and right-sizing. Least privilege controls can then be applied through the PAM solution so that privileges are elevated only for trusted applications and resources, and only when needed. Ideally, privilege is never granted to the user or identity itself. The goal is true least privilege: any user, application, or operation has only just enough access (JEA), for just the time (JIT) needed to perform an action.
Establishing a clear, traceable audit trail, for example through session monitoring, lets your team determine where privileges exist across applications and cloud instances and how they are actually being used.
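As an added example of the discovery step described above (not code from the article or from any vendor's discovery tool), the script below runs a few standing-privilege rules over a constructed account inventory. The input format, the set of privileged groups, the account names and the timestamps are all invented; a real inventory would be exported from directory services, cloud IAM and host group files. It flags privileged memberships that have no expiry (standing), standing privileges that are never or rarely used (dormant), standing vendor access, and shared accounts, and ranks the findings so the riskiest exposures are reviewed first.

```python
"""Standing-privilege discovery over a constructed inventory (added example; data is made up)."""
import json
from datetime import datetime, timedelta

# Assumed set of groups and roles that confer administrative power.
PRIVILEGED_GROUPS = {"Domain Admins", "sudo", "aws:AdministratorAccess", "db-owner"}

# Constructed inventory: one record per account, one entry per group membership.
# expires_at == null means the membership is standing; a timestamp means it was JIT-granted.
INVENTORY = json.loads("""
[
  {"account": "alice", "owner_type": "employee", "shared": false, "memberships": [
    {"group": "Domain Admins", "expires_at": null, "last_used": "2024-05-28T08:12:00"},
    {"group": "sudo", "expires_at": "2024-06-01T10:30:00", "last_used": "2024-06-01T09:45:00"}]},
  {"account": "bob", "owner_type": "employee", "shared": false, "memberships": [
    {"group": "sudo", "expires_at": null, "last_used": "2024-01-10T17:02:00"}]},
  {"account": "svc-backup", "owner_type": "service", "shared": false, "memberships": [
    {"group": "db-owner", "expires_at": null, "last_used": null}]},
  {"account": "acme-support", "owner_type": "vendor", "shared": true, "memberships": [
    {"group": "Domain Admins", "expires_at": null, "last_used": "2023-11-02T12:00:00"}]},
  {"account": "carol", "owner_type": "employee", "shared": false, "memberships": [
    {"group": "Helpdesk", "expires_at": null, "last_used": "2024-05-30T08:00:00"}]}
]
""")


def find_standing_privileges(records, now, dormant_after=timedelta(days=90)):
    """Return one finding per standing privileged membership, riskiest first."""
    findings = []
    for rec in records:
        for m in rec["memberships"]:
            if m["group"] not in PRIVILEGED_GROUPS:
                continue  # not a privileged group: out of scope
            if m["expires_at"] is not None:
                continue  # time-bound (JIT) grant, not a standing privilege
            reasons = ["standing"]
            if m["last_used"] is None:
                reasons.append("never-used")  # held but never exercised: pure exposure
            elif now - datetime.fromisoformat(m["last_used"]) > dormant_after:
                reasons.append("dormant")  # exercised so rarely it need not be standing
            if rec["owner_type"] == "vendor":
                reasons.append("vendor")
            if rec["shared"]:
                reasons.append("shared")  # several people behind one identity: no accountability
            findings.append({"account": rec["account"], "group": m["group"], "reasons": reasons})
    # More reasons means more ways the exposure can be abused; review those first.
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


def privilege_summary(records):
    """Count privileged memberships that are standing versus time-bound."""
    summary = {"standing": 0, "time_bound": 0}
    for rec in records:
        for m in rec["memberships"]:
            if m["group"] in PRIVILEGED_GROUPS:
                summary["standing" if m["expires_at"] is None else "time_bound"] += 1
    return summary


def report(records, now):
    """Plain-text report suitable for handing to the account owners."""
    lines = [f"{f['account']:<14} {f['group']:<22} {', '.join(f['reasons'])}"
             for f in find_standing_privileges(records, now)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(INVENTORY, datetime(2024, 6, 1)))
    print(privilege_summary(INVENTORY))
```

Against the constructed data, four of the five privileged memberships are standing and only alice's sudo grant is time-bound; the shared vendor account with dormant Domain Admins rights sorts to the top. The same rules are a reasonable first pass over a real export, with the caveat that "last used" data must come from authentication or session logs rather than from the directory, which usually does not record it.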
Achieving zero standing privileges is not always possible, given increasingly complex automated workflows and the many kinds of non-human and machine accounts in a typical IT environment. Those accounts should still adhere to the principle of least privilege as far as possible, and privileged credential management best practices should be enforced so that they are well protected.
As PAM technology matures, organizations will be able to get ever closer to an ideal ZSP end state. The closer an organization gets to zero standing privileges, the smaller the windows in which an attacker can gain a foothold or advance within the target environment.
Zero Standing Privilege is the end goal of a just-in-time PAM strategy, one in which the risks of stolen credentials, data breaches, and privilege abuse are drastically reduced without impeding business operations. It cannot be achieved overnight; it requires an ecosystem of security policies, processes, and tooling that work together.
As a first step to curtailing standing privileges, organizations need to identify privileged access, credentials, and accounts across the organization. To start illuminating your privileged access risks, try our free Privileged Account Discovery Application, the most powerful free tool of its kind.