Zero Standing Privileges
With the growth of cyberattacks, access credentials have become a strong attack vector. In 74% of cases of data breaches, companies confirm unauthorized access to a privileged account as its main cause.
In addition, The Verizon Data Breach Investigations Report (DBIR) has found that 29% of the total breaches in cyberattacks involved the use of stolen credentials, second only to phishing.
Once a credential is compromised, a malicious attacker is able to move sideways, infecting other devices and increasing the risk of data leaks, or even infection by ransomware. The reason behind this (and because administrator credentials remain an easy target for attackers) is the high level of access that these credentials provide.
Generally, PAM or Endpoint Privilege Management (EPM) solutions are not designed to deal with the risks associated with standing privilege.
The standing privilege is when administrator accounts with privileged access are always active (always-on). On average, in a large company, it is possible to find 480 users with administrator access on their workstations.
Thus, the concept of Zero Standing Privileges (ZSP) aims to eliminate standing privileges within organizations and mitigate cybersecurity risks.
What is Zero Standing Privileges (ZSP)?
Administrative privilege provides the means by which attackers need to take criminal action, be it data exfiltration, data destruction, or other crimes.
When an organization has identities with standing privileges (always-on), it must prioritize efforts to control access to such identities, monitor their use, and protect them from misuse.
However, for most of the day, these highly privileged identities remain idle, unused, but still pose risks.
Traditional PAM approaches have focused on managing and controlling access to privileged account passwords or temporarily elevating privileges to manage when users can work with administrative privileges.
For example, a server administrator employee can check the password of the day to access their privileged personal account each morning. Or they can simply use a solution to have their privileges elevated on demand.
Nevertheless, the focus of each of these approaches is to ensure that the employee uses their privileges in an authorized manner, considering that they are a good employee and not an attacker looking for ways to compromise the organization.
In both cases, the privileges granted to their privileged personal account or in the sudo configuration are permanent and at risk of being abused by a motivated criminal.
Just Enough Privilege (JEP) and Just in Time (JIT)
What if we can eliminate these standing privileges and replace them with a policy-driven process to allow privileged access only when necessary and with scope only for the required tasks?
The answer to that is using the concepts of Just Enough Privilege (JEP) and Just in Time (JIT). In a just-in-time workflow, there are no standing privileges for employees – no sudo settings to manage, no privileged personal account to monitor.
Instead, potential employee privileges are detailed in a centralized policy. When an employee’s job requires privileged access, they start an activity that describes what they want to do and what resources they need to do it.
Behind the scenes, an activity identity is created or activated and only required privileges are granted to perform just the desired task.
The activity is then performed interactively by the employee (for example, a remote desktop protocol for a server – RDP) or by the system on their behalf (for example, rebooting a server).
Upon completion of the activity, privileges are revoked from the activity’s identity and it is destroyed or deactivated.
By adopting this workflow, the privilege attack surface is reduced to the window during which the employee is actively using the privilege, which decreases the risk that an attacker will steal credential passwords.
Unlike traditional PAM, where the focus is on protecting the means (for example, privileged accounts or settings) that provide privileges, the focus of the JEP and JIT workflow is on the user.
All an employee needs to know is that they are required to restart a specific server, and the system will take care of providing, protecting, and destroying the privilege when they are done.
The goal of Zero Standing Privileges (ZSP) can be achieved through just-in-time privilege access, improving operational sustainability for your privilege access program and dramatically reducing the privilege attack surface.
Benefits of Zero Standing Privileges (ZSP)
Standing privilege is defined as the fact that accounts have access with persistent privileges at all times to some set of systems. Zero Standing Privileges (ZSP) is just the opposite.
It is the purest form of just-in-time administrator access, ensuring that the principle of least privilege is applied by granting authorized users the privileged access they need for a minimum period and only the minimum rights they need.
This elimination of permanent privilege through Zero Standing Privilege is really an advantage for understanding the current privileged access and mitigating possible cybersecurity risks.
Final Thoughts
It is encouraging to see the market has started to recognize standing privilege as a key risk that needs to be addressed and that storing secrets and rotating local administrator passwords on critical servers is not enough.
Attackers are targeting workstations as the easiest way and using the administrator access available on those workstations to spread across corporate networks.
It is necessary to consider a position of Zero Standing Privilege in our environments. Stolen credentials will continue to be the easiest target for attackers and will continue to contribute to 80% of data breaches.
