What Is The Principle Of Least Privilege?

What is the principle of least privilege, why is it important, and how can privileged access management (PAM) help you enforce it?

What Is The Principle Of Least Privilege? - Expert Insights

Privileged accounts are a lucrative target for cybercriminals. They provide administrative levels of access to critical business systems, making them the holy grail for attackers trying to access an organization’s most sensitive data.

Many organizations organize their IT systems in tiers. These tiers are categorized according to how severe the consequences would be if that system were breached. So, the higher the tier, the higher the consequences—such as financial loss or loss of personally identifiable information (PII). Privileged accounts, such as domain admin accounts, are granted higher levels of permissions than standard user accounts. This grants them access to systems in the highest tiers.

If an attacker steals the login credentials of a privileged account, they can reach every critical system and application that account is authorized for. It comes as little surprise, then, that attackers specifically target these accounts, and they are doing so successfully: a quarter of all cybercrime victims in the US and the UK are people in managerial positions or who own a business, groups that typically hold elevated access.

Despite the consequences of such a breach, many organizations aren't doing enough to secure their privileged accounts. In fact, almost half of all businesses have at least some users with more privileges than they require to do their job.

One of the first steps you should take to minimize the risk of a privileged account breach is reducing your attack surface. To do that, you need to implement the principle of least privilege. And we’re here to tell you how.

What Is The Principle Of Least Privilege?

The principle of least privilege states that every user, process and account should hold only the permissions it needs to do its job, and no more. Applied to critical business systems, that means authorized users are granted access only at the moment they need it and only for as long as they need it. This mitigates the risks associated with overprivileged accounts and with standing privileges.

“Standing privileges” are privileges that are permanently assigned to an account, giving it constant, unhindered access to critical systems and applications whether or not it is using them. They can result from over-assigning privileges in the first place or from failing to remove privileges once they are no longer needed. Sometimes they are simply the default: the pre-configured “admin” user that ships with most desktops and laptops is one example, and many cloud-hosted applications create an initial admin-level account on deployment, so businesses that use lots of cloud apps tend to accumulate them.

Attackers can exploit unnecessarily elevated privileges: a compromised standard user account that has been granted more than it needs is a direct route into high-tier systems. And if privileged credentials are never rotated, the same stolen credentials keep working, so an attacker can sign in again and again, often undetected, and carry out multiple attacks. The longer they can keep using privileged credentials against high-tier systems, the more damage they can do.
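Finding standing privileges is the first practical step, and it is mostly a data problem: compare which privileged roles each account holds against whether the grant is time-bound and when it was last used. The script below is an added example written for this article, not a tool from any PAM vendor; the role names, the assignment records and the 30-day idle threshold are constructed for illustration. A real run would pull the same fields from a directory or IAM export.

```python
"""Audit a role-assignment snapshot for standing privileged roles.

Added example; the data and role names below are constructed, not taken
from any real directory. A standing grant is one with no expiry.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Roles this (hypothetical) organisation treats as high-tier.
PRIVILEGED_ROLES = {"Domain Admin", "Global Administrator", "DB Owner"}

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


@dataclass
class Assignment:
    user: str
    role: str
    granted_at: datetime
    expires_at: Optional[datetime]    # None = standing grant, no expiry
    last_used_at: Optional[datetime]  # None = never exercised


# Constructed sample snapshot: one active JIT grant, several standing ones.
SAMPLE = [
    Assignment("alice", "Domain Admin", NOW - timedelta(days=400), None, NOW - timedelta(days=2)),
    Assignment("bob", "Domain Admin", NOW - timedelta(days=200), None, None),
    Assignment("carol", "Global Administrator", NOW - timedelta(hours=1),
               NOW + timedelta(hours=3), NOW - timedelta(minutes=10)),
    Assignment("dave", "DB Owner", NOW - timedelta(days=90), None, NOW - timedelta(days=75)),
    Assignment("erin", "Helpdesk", NOW - timedelta(days=30), None, NOW - timedelta(days=1)),
]


def find_standing_privileges(assignments, now=NOW, unused_after_days=30):
    """Return one finding per privileged role that is standing or overdue.

    A grant that is still inside its expiry window is a just-in-time grant
    and is skipped. For everything else the idle time (since last use, or
    since the grant if never used) drives the recommendation: remove it if
    idle beyond the threshold, otherwise convert it to a JIT grant.
    """
    findings = []
    for a in assignments:
        if a.role not in PRIVILEGED_ROLES:
            continue
        if a.expires_at is not None and a.expires_at > now:
            continue  # active time-bound grant, not a standing privilege
        reference = a.last_used_at if a.last_used_at is not None else a.granted_at
        idle_days = (now - reference).days
        if a.expires_at is not None:
            recommendation = "revoke_expired"      # TTL passed but still assigned
        elif idle_days > unused_after_days:
            recommendation = "remove"
        else:
            recommendation = "convert_to_jit"
        findings.append({"user": a.user, "role": a.role,
                         "idle_days": idle_days, "recommendation": recommendation})
    # Longest-idle first: these are the cheapest wins.
    return sorted(findings, key=lambda f: -f["idle_days"])


def audit_sample():
    """Run the audit over the constructed snapshot."""
    return find_standing_privileges(SAMPLE)


if __name__ == "__main__":
    for f in audit_sample():
        print(f"{f['user']:<6} {f['role']:<22} idle {f['idle_days']:>3}d -> {f['recommendation']}")
```

The "never used" case is deliberately treated as idle since the grant date rather than ignored: an admin role that has sat unused since it was assigned is the clearest candidate for removal, and skipping it would hide exactly the accounts the article is warning about.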

When you enforce the principle of least privilege across your accounts, users are granted only the minimum privilege they need to do their job. That means elevated privileges are assigned only when the user needs them, and are revoked as soon as the user has finished the task in the high-tier system and ended the session. This practice is also known as granting “just-in-time” privileges.

As a best practice, you should also rotate the credentials of shared privileged accounts when the session ends, not just revoke the elevated privileges. A credential stolen from a user then stops working as soon as that user's session closes, so it cannot be used to reach a high-tier system later. And if an attacker does get in by guessing a password, they cannot sign in a second time with it, which greatly restricts the damage they can do.

Why Should You Grant “Just-In-Time” Privilege?

There are several reasons why you should remediate standing privileges and over-privileged accounts: to prevent attacks on your business; to prevent attacks on your partners, suppliers, and customers; and to ensure (and prove) compliance with data protection standards.

Secure Your Business

Two of the most common ways an attacker gains access to a privileged account are social engineering and brute force. Social engineering manipulates a user into handing over their credentials, usually by impersonating someone they trust; phishing is the most familiar form. Brute force uses a computer to guess the password, trying many thousands or millions of candidate passwords until one works, often starting with passwords leaked in earlier breaches.

Once a criminal has logged into that account, there are two main attacks they might carry out.

Account Takeover Attacks

In an account takeover attack, the attacker signs into their victim’s account, and can access all that user’s information and any company information they have saved. The attacker can also change the login details of that account, effectively locking out the legitimate user and rendering themselves the new account owner, or “taking over” the account.

Account takeover is particularly dangerous because, once an attacker controls the account, they can easily manipulate the victim's contacts into interacting with them. This can unlock further areas of the network, with the attacker stealing data as they go.

De-escalating privileges once a user's session ends means that, even if an attacker manipulates the user into handing over their password, that password only opens a standard-user session: the elevated rights are gone, and for shared privileged accounts whose credentials are rotated at check-in, the password itself has already changed. If the attacker got in by brute force, they cannot re-access the account with the same password either, which significantly limits the damage they can do.

Malware Attacks

Some malware and attacker tooling needs elevated privileges to run at all: installing a kernel driver or dumping credentials from memory, for example, requires administrative rights, exactly the rights an attacker holds after taking over a privileged account. The same logic applies to application-level attacks. SQL injection is an attack technique rather than malware, but the damage it can do is bounded by the privileges of the database account the application connects with, so a least-privilege database account limits an injection to the tables and operations that account can reach.

By granting privilege only when necessary, you reduce the number of accounts that hold elevated rights at any given moment and the window during which a compromised one is useful, which makes it far less likely that an attacker lands in a privileged session in the first place.

Secure The Businesses You Work With

If an attacker successfully takes over a privileged account, they can use it to communicate with anyone the legitimate owner would normally speak to, including your business' suppliers, partners, and customers. Because the messages come from a legitimate account, it is easier for the attacker to manipulate those people into handing over sensitive data. For an attacker, this is an effective way of harvesting financial information or login credentials and extending the attack across multiple organizations.

Achieve And Prove Compliance

Many data protection standards, including HIPAA, PCI DSS, SOX, and FISMA, require businesses to restrict access to sensitive data such as personally identifiable information or financial information to those who need it, which in practice means applying least-privilege access policies to critical or high-tier accounts.

Implementing the principle of least privilege will not only make you compliant; it will also help you prove compliance. It gives you greater visibility into which accounts have elevated privileges, when they are used, and why. You can also invest in solutions that manage privileged access for you, which generate reports on the activities of privileged users and provide recordings of privileged sessions.

And that brings us on to our next topic—how best to manage privileged access.

How Can You Enforce The Principle Of Least Privilege With PAM?

A lack of automation and skilled staff are the top two challenges in access management, and managing privileged access is no different. Enforcing the principle of least privilege manually is slow: each user has to request access to a system, an administrator then needs time and technical knowledge to grant it, and the same administrator has to remember to remove the access once the user reports they are done.

Thankfully, there’s a solution designed to simplify that process.

Privileged access management (PAM) solutions enable organizations to manage privilege escalation and monitor the activities of privileged users. The solutions provide visibility into when users are allowed to access critical business systems, which systems they’re allowed to access, and what they can do within those systems once logged in. This increases security, but also makes it easier to prove compliance with data protection regulations.

To enable this, PAM solutions generally work in one of two ways, and many offer both:

  1. They let admins escalate a user's own privileges on request, for a bounded time, without having to share a new set of credentials with the user.
  2. They store the privileged credentials in a secure vault, which authorized users can only access after verifying their identity via multi-factor authentication. This ensures the user is who they say they are, and logs the fact that they have accessed a privileged account. Once the user logs out, the vault automatically rotates the credentials.

Both types of solution monitor user activity during privileged sessions, either by logging their activities or by video recording the entire session. This gives admins clear visibility into who is accessing which accounts and what they’re doing within those accounts, both for compliance and auditing purposes and to help identify any suspicious activity.
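The following model ties together the just-in-time workflow described earlier (grant, use, revoke, rotate) and the two PAM patterns listed above. It is an added example written for this article, not any vendor's product or API: `JitBroker`, its method names, the static one-time-password check standing in for real MFA, and the in-memory vault and rotation routine are all assumptions made for illustration. Pattern 1 elevates the user's own identity for a fixed TTL; pattern 2 checks a shared credential out of the vault after MFA and rotates it at check-in, so a copy stolen during the session is dead afterwards. Every decision is appended to an audit list, which is what the session-logging the article mentions boils down to.

```python
"""Minimal model of a just-in-time privileged-access broker.

Added example, not from the article and not a real product. The MFA check
is a static OTP comparison, the vault is a dict and rotation draws a random
password; a real deployment would use TOTP/WebAuthn, a secrets manager and
the target system's own password-change API.
"""
import hmac
import secrets
from datetime import datetime, timedelta, timezone


class JitBroker:
    def __init__(self, mfa_secrets, vault, grant_ttl=timedelta(hours=1)):
        self._mfa_secrets = mfa_secrets  # user -> expected OTP (stand-in for real MFA)
        self._vault = vault              # account -> current password
        self._grant_ttl = grant_ttl
        self.grants = {}                 # (user, role) -> expiry
        self.checkouts = {}              # session_id -> (user, account)
        self.audit = []                  # every decision, for reporting and detection

    def _log(self, **event):
        self.audit.append(event)

    def _verify_mfa(self, user, otp):
        expected = self._mfa_secrets.get(user)
        return expected is not None and hmac.compare_digest(expected, otp)

    # Pattern 1: time-boxed elevation of the user's own identity, no shared secret.
    def request_elevation(self, user, role, otp, now):
        if not self._verify_mfa(user, otp):
            self._log(event="elevation_denied", user=user, role=role, reason="mfa_failed", at=now)
            return None
        expiry = now + self._grant_ttl
        self.grants[(user, role)] = expiry
        self._log(event="elevation_granted", user=user, role=role, expires=expiry, at=now)
        return expiry

    def has_role(self, user, role, now):
        expiry = self.grants.get((user, role))
        return expiry is not None and now < expiry

    def expire_grants(self, now):
        """Revoke every grant whose TTL has passed; returns the revoked (user, role) pairs."""
        expired = [k for k, exp in self.grants.items() if now >= exp]
        for user, role in expired:
            del self.grants[(user, role)]
            self._log(event="elevation_revoked", user=user, role=role, at=now)
        return expired

    # Pattern 2: check a shared credential out of the vault, rotate it on check-in.
    def checkout(self, user, account, otp, now):
        if not self._verify_mfa(user, otp):
            self._log(event="checkout_denied", user=user, account=account, reason="mfa_failed", at=now)
            return None
        if any(acct == account for _, acct in self.checkouts.values()):
            self._log(event="checkout_denied", user=user, account=account,
                      reason="already_checked_out", at=now)
            return None  # one session at a time keeps the audit trail attributable
        session_id = secrets.token_hex(8)
        self.checkouts[session_id] = (user, account)
        self._log(event="checkout", user=user, account=account, session=session_id, at=now)
        return session_id, self._vault[account]

    def checkin(self, session_id, now):
        """End the session and rotate the credential so the checked-out copy is useless."""
        user, account = self.checkouts.pop(session_id)
        old = self._vault[account]
        self._vault[account] = secrets.token_urlsafe(24)
        self._log(event="checkin_rotated", user=user, account=account, session=session_id, at=now)
        return old != self._vault[account]

    def credential_valid(self, account, password):
        """What the target system would answer if presented with this password."""
        return hmac.compare_digest(self._vault[account], password)


def demo():
    """Happy path: elevation expires, and a password captured mid-session dies at check-in."""
    now = datetime(2024, 6, 1, 9, 0, tzinfo=timezone.utc)
    broker = JitBroker(mfa_secrets={"alice": "123456"}, vault={"svc-backup": "initial-pw"})
    broker.request_elevation("alice", "Domain Admin", "123456", now)
    active = broker.has_role("alice", "Domain Admin", now + timedelta(minutes=30))
    broker.expire_grants(now + timedelta(hours=2))
    after_ttl = broker.has_role("alice", "Domain Admin", now + timedelta(hours=2))
    session, captured_pw = broker.checkout("alice", "svc-backup", "123456", now)
    usable_during = broker.credential_valid("svc-backup", captured_pw)
    broker.checkin(session, now + timedelta(hours=1))
    usable_after = broker.credential_valid("svc-backup", captured_pw)
    return active, after_ttl, usable_during, usable_after


def denied_cases():
    """Failure modes: wrong OTP, and a second checkout while the account is in use."""
    now = datetime(2024, 6, 1, 9, 0, tzinfo=timezone.utc)
    broker = JitBroker({"alice": "123456", "bob": "654321"}, {"svc-backup": "pw"})
    mfa_denied = broker.request_elevation("alice", "Domain Admin", "000000", now) is None
    first = broker.checkout("alice", "svc-backup", "123456", now)
    second = broker.checkout("bob", "svc-backup", "654321", now)
    return mfa_denied, first is not None, second is None


if __name__ == "__main__":
    print(demo(), denied_cases())
```

Two design points carry over to real deployments: the elevation path never hands the user a secret at all, so there is nothing to steal or rotate, and the vault path refuses a second concurrent check-out so that every action taken with the shared account during a session can be attributed to one named user in the audit log.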

Summary

Privileged accounts are like the master key to your company's data. If an attacker gets into one, they can reach the critical areas of your network that store sensitive data and either encrypt it and hold it to ransom, leak it, or steal it to sell on the dark web.

So, it’s absolutely imperative that you secure those accounts. The first step in doing so is reducing your attack surface by implementing just-in-time privilege, in line with the principle of least privilege. Then, you need to make sure you have visibility into which users have escalated privileges and what they’re using them for. Finally, we also recommend implementing multi-factor authentication across all privileged accounts, to make it as difficult as possible for attackers to manipulate or hack their way in.

A privileged access management solution can help you achieve each of those goals. And to help you find the best one for your business, we’ve put together a guide to the top PAM solutions currently on the market, which you can find below: