How does the Principle of Least Privilege help your Business?

What is the principle of least privilege (POLP)?

The principle of least privilege is an access security concept that emphasizes limiting user privileges to the minimum possible level that allows them to complete their tasks seamlessly.

The principle of least privilege is considered a cybersecurity best practice and is a core arm of Zero-Trust Network Access (ZTNA) as it helps restrict access to high-value assets and sensitive information.

Why is the principle of least privilege (POLP) important?

Granting users permissions to access IT assets is a necessary risk as any access can be abused if the user account is compromised. But, when employees have privileges more than they need to complete their tasks, the attack surface grows unnecessarily. This unnecessary risk can snowball into a complicated problem that requires effort, money, and a lot of man hours to resolve.

Let’s take the example of a code repository in a product development company. There are developers who constantly retrieve and push code in the repository as part of their daily tasks. If the company has software engineering interns who learn from the code, they should not be granted permissions to push new code into the repository. Such permission is unnecessary and involves huge risk.

Interns should only be granted view permissions to the repository since their task doesn’t warrant any more privileges.

The principle of least privileges mandates granting only the right amount privilege required by a user to complete their tasks successfully.

How is principle of least privilege (POLP) better than traditional VPNs?

Simply, POLP is a context-based security system which is more granular than VPN which is a perimeter-based system. But let’s dive a little deeper.

How does a VPN work?

VPN works by establishing a fence around the IT assets of the organization. Any employee who needs access to the IT asset should authenticate themselves with the VPN before they are allowed access into the private network.

VPNs offer a single layer of security. Once a user connects to a VPN, the user is granted access to everything within the private network.

Once the users gain access to the private network, they can access any device within the network. The VPN doesn’t have control over who can access which device. VPNs do not possess any mechanisms to control how much access a user has over the assets it protects.

Why is this perimeter-based system unreliable?

Cyber threats in the modern world often resort to sophisticated attacks such as credential spraying, MFA fatigue, and various identity-based attacks that can be automated for a small cost. If the attacker manages to breach the authentication layer, every asset within the private network is up for taking. Apart from external threats, employees who are already inside the private network may intentionally or unintentionally cause breaches. There is simply no provision in VPNs that acts as a check against such users.

This is why perimeter-based security solutions like VPNs offer little to no protection against threats that are already inside the network.

How principle of least privilege (POLP) helps prevent major leaks?

The principle of least privilege dictates that users are granted just enough privileges to complete their tasks. This is achieved by granting restricted access to assets so that no user has complete control over the privileged asset but enough access to complete their tasks.

This access control layer often sits within a perimeter established through strong authentication along with an MFA. Even if an intruder or a malicious insider decides to go rogue and cause havoc, the user would only be able to inflict minimal damage restricted by the level of access granted to them. This principle also revokes the ability to download and install applications on their devices from internal users. Thus, it protects the device and the network from malware propagation.

The principle of least privilege when coupled with Just-in-Time access controls will limit any malicious user with limited access for a limited time. When a privileged access management solution is used to grant Just-in-Time access, one can expect a comprehensive track of all activities that helps enforce accountability for actions.

How to implement the principle of least privilege (POLP)?

The principle of least privilege can be implemented successfully by following the sequence of steps below.

1. Consolidate privileged accounts: The first step to establish a least privilege-based access control is to discover all privileged accounts in your IT network and organize them. These accounts may be stored in a database, exist as administrator/superuser accounts on endpoints, root or superuser accounts in your network devices.
2. Store passwords, keys inside an encrypted vault: Once privileged accounts are discovered, they should be consolidated and stored inside an encrypted vault. The vault should be in a secure location and the encryption key stored separately for security purposes.
3. Rotate credentials: The passwords stored in the vault should be rotated as soon as they are onboarded since people who might have had access in the past might still be able to access the passwords. Rotating the passwords will ensure no user has standing access to the privileged accounts added to the vault.
4. Provision vault access to users and administrators: Users who would need access to the credentials should be onboarded into the vault so that permissions can be granted accordingly. It is encouraged to enforce multi-factor authentication for users onboarded into the vault.
5. Share access to accounts with the minimum level of privilege required: Once the users can access the vault, you need to share the privileged accounts to which the users need access. Here, the permissions each user gets while gaining shared access should be minimized.
6. Revoke administrator privileges from users: Most users in the organization rarely need admin rights to fulfill their duties. End users with administrator privileges can potentially download malware and ransomware from the internet. The malware can potentially spread to other devices and cause massive breach and cripple the functioning of the entire organization. It is advisable to remove the local administrator privileges from all endpoints and servers in the organization.
7. Enforce Just-in-Time access: In addition to granting minimal privileges to the users, it is important to restrict the maximum time the user gets access to these sensitive accounts. Gating access to these accounts behind an approval workflow mechanism will help enforce just-in-time access.
8. Enforce concurrency controls: While enforcing just-in-time, just-enough access, it is important to ensure that only one person can access an asset at a time. This ensures that the active user is held responsible for events that transpire during that time.
9. Record and Track activities: Activities such as users accessing assets, placing requests, granting access and any change in permissions should be recorded and stored. A comprehensive audit trail of activities related to privileged accounts associates actions with users and proves helpful at times of external security audits.
10. Periodic review of permissions: Employees rarely do the same work for a prolonged period. The users get access to new assets when they move to a different role. If such a move happens a few times, the user will gain more and more privileges. The dynamic nature of users exposes the organization to privilege creep. Hence, it is important to periodically remove unwanted privileges and grant only the required privileges and access.

Benefits of the principle of least privilege (POLP)

The principle of least privilege helps protect the organization from massive breaches as it limits the potential damage caused by compromise of any single user to miniscule levels. The specific benefits are explained below:

Protection against external threats: The minimal levels of space external threats get to operate and leak data by compromising the perimeter limits the damage caused by an intruder inside the network.

Protection against internal threats: The strict access controls enforced on users along with just-in-time access ensure that the risk posed by negligent and malignant users is minimal. Even in case of accidents, the potential flipside is kept minimal with the use of principle of least privilege.

Reduces Malware Propagation: With the enforcement of principle of least privilege, the user will not be able to download or install additional software in their machines. This prevents the introduction of malware and ransomware inside their endpoints which subsequently spreads throughout the network.

Improved Productivity: Preventing unnecessary downtimes caused by breaches and attacks, the principle of least privilege helps increase the productivity of the entire organization. Additionally, the approval workflow mechanism can help grant end users access to assets when they need it without waiting for a helpdesk technician to work their magic.

FAQs

What are standing privileges?

Standing privileges are access permissions that are always there even when the users do not need them at that moment. The existence of standing privileges in the network runs against the core Zero-Trust principle of least privilege.

Why should standing privileges be eliminated?

Standing privileges should be eliminated because the user possessing those privileges might not need them at present or in some cases ever. They also present risks of being misused accidentally and for malicious reasons.

What is privilege creep?

When users are granted standing privileges to be able to fulfill their responsibilities, they gain that privilege forever. If these users are tasked with other responsibilities, then they gain more privileges. This accumulation of privileges that may not be required now is called privilege creep.

How to prevent privilege creep?

Eliminating standing access completely from the IT network and granting privileges only on a temporary basis can help prevent privilege creep. In addition, performing a periodic review of the privileges granted to users can help weed out unnecessary permissions from users.

What is ZTNA 2.0?

ZTNA 2.0 is the revised version of zero-trust-network-access which overcomes the shortfalls of ZTNA 1.0. It presses upon implementation of least privileges, continuous identity verification, and data protection.