What is least privilege?
Any accounts with admin rights or access to regulated or monetizable data are called “privileged accounts.” These privileged accounts act as the gateway to critical systems and data, and are often the target of abuse, resulting in breaches, business downtime and loss of trust. Forrester issued a recent report that 80% of breaches were due to privilege abuse of passwords, tokens, and certificates. This is why “least privilege” is a key security tenet, enabled by the process of privilege minimization. Enforcing the principle of least privilege applies to users and applications as both access systems, databases, applications, and networks to ensure they have only the minimum amount needed to get the job done correctly.
The Risks of Privilege Abuse
A common type of privilege abuse is exploiting existing privileges for malicious activities. This could be performed by both external threat actors, who get access to credentials through hacking, phishing or social engineering, or rogue insiders, who are generally regarded to pose the greatest threat and take the longest to uncover. The 2013 Target Breach is an example of the former in which hackers gained access to customer data by stealing credentials of an HVAC contractor with broadly excessive privileges. The Anthem 2016 breach (uncovered only in 2017), in which an insider who was actively involved in theft stole PHI of thousands of customers, is an example of the latter.
Another type of privilege abuse may occur through privilege escalation, where an insider raises their level of access and awards themself more privileges. The most famous example of this is when Edward Snowden, a contractor to the NSA until 2013, fabricated digital keys to get access to information above his level of clearance, and stole millions of sensitive documents that were highly classified and would not have been accessible to him.
While malicious insiders are often the bane of most threat models with protracted discovery and remediation times, excessive privileges often increase the scope of impact of simple errors. A mistyped command can result in expensive downtimes, and reading excessive data as part of a normal service operation can cause data spillage. This is often a concern for companies with substantial investments in data science and analytics, as they tend to have several services that process and exchange information, and need to make sure it doesn’t accidentally spill onto logs or become otherwise visible to engineering and support teams during troubleshooting.
How do I Implement a Least Privilege Model?
The concept of least privilege, or “need to know,” is intuitive and simple to understand. Privilege minimization is accomplished through a combination of the following
- Continuously monitor all privileged activity
- Report on used privileges and analyze behaviors to detect threats and anomalies
- Strip away unneeded or overprovisioned privileges to prevent and block abuse
There are many benefits to privilege minimization, including
- Reduced attack surface, making it harder for attackers to exploit privileges
- Limited blast radius, so that even when unauthorized access happens, it does not have far reaching consequences as seen in the Target breach
- Improved operational performance, by limiting the chances of accidental downtime
- Faster audits and compliance, reducing time and effort involved with certification
Nonetheless, privilege minimization has historically been difficult to implement. Excessive privileges have historically resulted from a lack of coordination across IT management and security teams. User account management is done by IT, but privileged activity monitoring and assessing threats and malicious behaviors is under the purview of security. Use of disparate tools for authentication, authorization and monitoring, and lack of dynamic, and granular enforcement mechanisms often result in either onerous processes that reduce productivity or gaps that can be exploited.
Adoption of cloud-native and DevOps methodology further complicates this problem because it requires increased coordination across development, infrastructure and security teams, and makes prescription of any manual privilege management processes untenable. The surface area of reporting and management increases exponentially, with many more engineers having “administrative” rights to the cloud environment and its various components. Implementing privilege minimization requires adoption of agile security as code tools that can be a part of the CI/CD workflow and requires teams to have a culture for security.
Privilege Minimization at the Data Layer with Cyral
Organizations in today’s cloud native environment face critical challenges whereby they must build and rapidly deploy agile solutions, yet simultaneously enforce privilege minimization across more data repositories and users and services than ever before. As digital threats become increasingly sophisticated and widespread, it has become more critical than ever before to implement privilege minimization at the data layer itself. To learn how Cyral’s patented technology can help your organization make this critical transformation, sign up for a demo here.
Data Loss Prevention (DLP)
In the context of security, Data Loss is any event that causes either unintended exposure of data beyond the scope of granted rights or malicious …
Database Activity Monitoring
Database Activity Monitoring (DAM) refers to any solution that is used to actively monitor and analyze database activity. This technology is multipurpose, typically being used …