Recently, this publication shared four benefits of a least privilege approach to security and explained why least privilege is an important part of network security. The importance of this approach is hard to overstate but it bears repeating that as a foundation it is one of the most effective ways to bolster an organization’s cybersecurity posture.
The concept of least privilege revolves around imposing limits on user permissions to necessary accounts and resources which helps to mitigate the risk of a data breach, and limited the impact of a successful breach.
As an example, suppose attackers obtain the credentials of an employee account with few permissions. When they login as that employee, they will have only limited system access, so potential damage (the “blast radius”) is contained. That’s why observing least privilege offers multiple benefits and affects data security in several important ways.
You may be asking, “what happens if attackers compromise an administrator account with unlimited access? Surely, in that situation, the potential for catastrophic damage is incredibly high?” Thankfully, least privilege – and Zero Trust policies – can also apply to admin/privileged users as well – and may well be more critical in the admin realm with their elevated access rights.
But, how can you enforce the principle of least privilege with human and non-human users without jeopardizing security, compliance, or user productivity?
Here are three steps to take to implement least privilege in your organization:
Step one: conduct an audit.
To ensure that accounts have least privilege permissions, it’s important to audit and know the current state of access in your organization. The goal is to verify that employees, outside users, devices, applications, and robotic processes have only the permissions needed to complete their tasks on only the intended network resources.
Step two: start all accounts with least privilege.
All account privileges should start as low as possible. If a higher level or different access is necessary, add the appropriate permission as needed. Remove higher-level permissions from accounts that don’t need them. With role-based access control, your administrators can easily set guidelines for permissions required for a given task or responsibility. If a user’s role changes, remove permissions to resources no longer needed in the new role.
Step three: maintain separate privileges.
Administrator accounts and standard accounts should be separate, even for the same user. Split up high-level system functions—reading, writing and executing to databases and applications—from lower-level functions. Enforce separate privileges for auditing and logging.
Following these steps, limit access to higher privileges. Restrict access to increased privileges and temporarily grant elevated permissions on an as-needed basis. If a user temporarily needs higher or additional access to a privileged environment, allow access through one-time-use credentials or through session privileges with timed expiration.
Step four: track individual actions
Once you have the basics, it is now critical to keep track of individual actions. Track and monitor access to your sensitive assets, such as employee records and customer data. That enables you to detect unusual activity and establish accountability.
Step five: review privileges constantly
Finally, Make sure to consistently review privileges and who requests them. Conducting regular audits and re-certification campaigns help to keep user privileges at correct levels. Over time, older users and accounts can collect elevated privileges that aren’t used or needed. A regular review keeps identity sprawl and privilege creep in check.