What is the Principle of Least Privilege?

Tech topics

What is the Principle of Least Privilege?

Illustration of IT items with focus on a lightbulb

Overview

Least privilege is a foundational tenet of?zero trust security, with the core philosophy to grant only as much access as necessary. While initially discussed as part of a network security strategy, applying zero trust security to the application layer for consumable resources (applications, services, data, etc.) is far more effective. This approach allows you to tie specific resource access policies to the people and programs accessing them.

Principle of Least Privilege

What types of threats are best addressed through least-privilege security?

Least-privilege access?is a security strategy focused on ensuring that identities, people, and processes are granted the minimum level of permissions needed to be productive—or in the case of programmatic access, functional. In their?introduction into information security, NIST (National Institute of Standards and Technology) points to common concerns addressed by least privilege:?

Malevolent insider:?This threat type is often difficult to detect, with harmful activities easily going months or years unnoticed.?Inside bad actors?can be contractors, employees, and even administrators and all levels of management. Least privilege is a primary security approach to limit the range of damage or abuse can inflict on an organization.
Malevolent collusion:?This can occur when two or more bad actors coordinate malevolent activities. This exploitation type often results in far more damage than typically possible from a single individual. It’s why regulators and organizations use separation of duties (SoD) to protect against this kind of abuse. SoD requires more than one person to complete a task. Although it's often thought of in the context of financial services, those same principles protect against different forms of fraud, sabotage, theft, or the misuse of sensitive information.
Negligent insider:?These are actors who, while they don’t have bad intentions, make errors that expose their organizations to risk. Negligent behaviors include configuration errors that inadvertently shuts down important digital services or exposes sensitive information to the web. These types of incidents are routinely published in the media.?
Compromised insider:?This is when an insider’s credentials have somehow been compromised, commonly through phishing. The broader and more far reaching an account’s access, the greater the potential damage is to the organization. This is why executives are increasingly being targeted (whaling).

What are the main causes of privilege creep?

Privilege creep is when a user accumulates entitlements beyond the justification of their role within the organization. It usually happens gradually over time, and often affects organizations that need to secure their regulated or sensitive information. When individuals change roles, permissions are often granted quickly to get people productive, but because responsibilities may linger previous entitlements are often kept in place. The types of resource where least privilege needs to be assessed include:?

Core applications and services
Unstructured data?
Systems and platforms

At some point the leadership team realizes that they need to get a handle on?privileged access?to their core services and sensitive information. They prioritize and sponsor security teams to join forces with information owners to form privileged access tiger teams. Projects are kicked off and objectives defined. With their newly designed?identity governance environment?that automates access requests and approvals, the maintenance of it is handed off to operations. Too often, this type of focus isn’t ongoing—but even with automated requests and approvals, privilege creep is still a potential risk.

Often privilege creep builds as business dynamics diverge from defined governance policies. Permission workflows have a tendency to expand as organizations morph and responsibilities drift. Some of the most common sources of privilege creep include:?

Approvals:?Approvers, who are preferably information owners, are not accurately assessing permissions requests. Busy approvers may not take the time needed to precisely understand who the requesting user is and what their needs are.
Inadequate review process:?This encompasses a lack of regular reviews or ones conducted by those who aren’t equipped to properly vet or assess the appropriateness of access requests.?
High risk users:?There are some users where it’s quite possible for them to accumulate a level of entitlements over time that pose an unacceptable risk to the organization. This happens as the user temporarily takes on various projects and roles that require entitlements to perform and those entitlements are subsequently retained.?

Privilege creep is nearly inevitable as organizations adapt or respond to various dynamics imposed on them. But it violates a key zero trust tenant designed to protect organizations from outsiders, and is a contributing factor to the large breach costs that continue to grow across virtually every industry.

How to control privilege creep

One of the most difficult aspects of protecting against privilege creep is that it often happens over time while reviewers, who are responsible for many things, are focused on other things. It’s not observable at any one point of time, but rather must be viewed across a relatively long span of time. Acknowledging the subtle way that an account can morph into an unacceptable risk level without detection, the extent to which it poses a security concern depends on the volume of users, the number of changes users go through, and the sensitivity of the information being protected. It’s a security challenge that can’t be solved with a spreadsheet.

Preserving separation of duty

Separation of duty and other corporate policies designed to comply with regulations translate well into governance rules, but risk criteria are more subjective. Here are the most common ones:

Too many organizations don’t have a de-permissioning processes in place. Instead, these organizations rely on basic platform account management tools. Typically, their permissions control is nothing more than disabling accounts that the leave the organization.?Risk management?isn’t a top priority for these organizations. ?
It’s not uncommon for select individuals across the organization who take on different roles over time are top candidates for privilege creep. Common use cases include dotted-line reporting, contributing on different tiger teams, and participating in a variety of projects across different departments. While there are overt productivity forces in play when assigning entitlements to these personnel, security considerations are often muted. The occasions for removing permissions are usually scattered, but the fear of disrupting a permissioned user is a frequent reason for not doing so.
Over-generalized roles can be another agent of privilege creep. Here it’s less about granting permission to appropriate requests, but rather more about the over expansion or the generalization of roles used to assign them. Effective roles are those that are properly demarcated, each one being distinct to the appropriate level of permissions. It’s frequently a temptation to under define and generalize roles used to apply permissions.?

Protecting against risk creep

It’s quite difficult for reviewers to identity permissions that drift over time. These types of evaluations can be aided with automated analysis of change over time. Reviewers can then access that information in a dashboard or report. While it’s not feasible to appraise all users across an organization, it is possible to effectively review and vet the top dozen who pose the highest risk.

Other types of auto-generated risk alerts and reports are derived from analysis of the governed resources. Resources containing sensitive information that are not periodically reviewed are assigned a higher risk score. For all of these alerts, today’s dominant governance innovation is the identification and highlighting of risk areas across the entire environment.

How does least privilege fit into zero trust?

Least privilege access is one of the core components of a Zero Trust Architecture. This means granting only as much access as needed, with only the minimum permissions for the shortest duration necessary.

Other zero trust components include:

Micro-segmentation:?Break the environment down into smaller security zones to limit the scope of access. Maintain separate security controls for each compartment of the environment (requires distributed management of these controls).
Multi-factor authentication (MFA):?Require two or more verification factors to gain access to a resource; require greater identity assurance based on current risk state.
API control and monitoring:?Ensure appropriate control at the programmatic level as well as at the user interaction level. Control how many different devices and/or API’s are trying to access resources.
Adaptive:?Context-aware, continuous evaluation of risk – enables early detection of threats and rapid response. Dynamically respond to the current state in the context of the current environment and past activity.

?

Resources

Protecting the crown jewels—privileged account management position paper

Privileged accounts—securing your active directory environment position paper

FeaturedFeatured

Analytics CloudAnalytics Cloud

Analytics DatabaseAnalytics Database

Business Intelligence and ReportingBusiness Intelligence and Reporting

Data DiscoveryData Discovery

eDiscovery and InvestigationseDiscovery and Investigations

Legal Content and Knowledge ManagementLegal Content and Knowledge Management

Aviator Search

Business Network CloudBusiness Network Cloud

Supply Chain IntegrationSupply Chain Integration

B2B Integration ServicesB2B Integration Services

Ecosystem CollaborationEcosystem Collaboration

Business Network Aviator

Content CloudContent Cloud

Document ManagementDocument Management

AI Content ManagementAI Content Management

Business IntegrationsBusiness Integrations

Capture and Intelligent Document ProcessingCapture and Intelligent Document Processing

Information ArchivingInformation Archiving

Process AutomationProcess Automation

Information GovernanceInformation Governance

Content Aviator

Cybersecurity CloudCybersecurity Cloud

Application SecurityApplication Security

Identity and Access ManagementIdentity and Access Management

Data Privacy and ProtectionData Privacy and Protection

Digital Investigations and ForensicsDigital Investigations and Forensics

Threat Intelligence

Threat Detection and ResponseThreat Detection and Response

Cybersecurity Aviator

DevOps CloudDevOps Cloud

DevOps PlatformDevOps Platform

PPM and Strategic Portfolio ManagementPPM and Strategic Portfolio Management

Quality ManagementQuality Management

Functional TestingFunctional Testing

Performance EngineeringPerformance Engineering

DevOps Aviator

Experience CloudExperience Cloud

Web and Brand ExperiencesWeb and Brand Experiences

MessagingMessaging

Customer Journey and DataCustomer Journey and Data

Media ManagementMedia Management

Contact Center AnalyticsContact Center Analytics

Experience Aviator

IT Operations CloudIT Operations Cloud

Service ManagementService Management

FinOpsFinOps

AIOps and ObservabilityAIOps and Observability

AutomationAutomation

Network ManagementNetwork Management

IT Operations Aviator

好色先生TV Thrust好色先生TV Thrust

Developer Cloud technical documentation

Aviator Thrust

PortfolioPortfolio

Data protection and endpoint backupData protection and endpoint backup

Endpoint management and mobile securityEndpoint management and mobile security

Hybrid work, email, and team collaborationHybrid work, email, and team collaboration

Archiving, eDiscovery, and data securityArchiving, eDiscovery, and data security

Information reimagined

Artificial IntelligenceArtificial Intelligence

IndustryIndustry

Enterprise ApplicationsEnterprise Applications

Your journey to successYour journey to success

Customer SupportCustomer Support

Customer Success ServicesCustomer Success Services

Strategy & Advisory ServicesStrategy & Advisory Services

Consulting ServicesConsulting Services

Learning ServicesLearning Services

Managed ServicesManaged Services

Find an 好色先生TV PartnerFind an 好色先生TV Partner

Find a Partner SolutionFind a Partner Solution

Grow as a PartnerGrow as a Partner

Become a Partner

Asset LibraryAsset Library

Blogs

EventsEvents

Communities

Customer StoriesCustomer Stories

好色先生TV Navigator好色先生TV Navigator

Featured

Analytics Cloud

Analytics Database

Business Intelligence and Reporting

Data Discovery

eDiscovery and Investigations

Legal Content and Knowledge Management

Business Network Cloud

Supply Chain Integration

B2B Integration Services

Ecosystem Collaboration

Content Cloud

Document Management

AI Content Management

Business Integrations

Capture and Intelligent Document Processing

Information Archiving

Process Automation

Information Governance

Cybersecurity Cloud

Application Security

Identity and Access Management

Data Privacy and Protection

Digital Investigations and Forensics

Threat Detection and Response

DevOps Cloud

DevOps Platform

PPM and Strategic Portfolio Management

Quality Management

Functional Testing

Performance Engineering

Experience Cloud

Web and Brand Experiences

Messaging

Customer Journey and Data

Media Management

Contact Center Analytics

IT Operations Cloud

Service Management

FinOps

AIOps and Observability

Automation

Network Management

好色先生TV Thrust

Portfolio

Data protection and endpoint backup

Endpoint management and mobile security

Hybrid work, email, and team collaboration

Archiving, eDiscovery, and data security

Artificial Intelligence

Industry

Enterprise Applications

Your journey to success

Customer Support

Customer Success Services

Strategy & Advisory Services

Consulting Services

Learning Services

Managed Services

Find an 好色先生TV Partner

Find a Partner Solution

Grow as a Partner

Asset Library

Events

Customer Stories

好色先生TV Navigator