The security principle of least privilege is the practice of limiting permissions to the minimal level that will allow users to perform their jobs. For example, an employee working in HR doesn't need and shouldn't be granted access to the company's customer database. Enforcing least privilege plays a key role in containing the damage malicious users can cause. However, a serious mismatch between an individual's responsibilities and their privilege and access rights can occur following a change of roles, department reorganization or merger. This mismatch, known as privilege creep, occurs when a user slowly acquires new privileges without having those from former roles removed.
To prevent this from undermining overall security, user accounts need to be regularly audited to ensure users aren't accumulating unnecessary permissions as their roles or responsibilities change. Without a robust audit process there is a real danger of privilege creep.
Keeping privileges aligned
To prevent privilege creep and keep privileges aligned with each employee's tasks and responsibilities, an organization's employee lifecycle management policy has to include a robust documented process. This process should cover the IT-related actions HR needs to complete when there are changes to personnel or personnel roles, one of which is to notify network administrators so assigned roles and privileges can be updated and redundant accounts closed. Manually trying to manage a large number of users' privileges, though, is a time-consuming and resource-draining process and will lead to mistakes and oversights.
Investment in a privileged account security product that manages and monitors privileged users, sessions and applications will prevent the far greater costs of dealing with security incidents and data breaches resulting from privilege creep, and misassigned or abused privileges. These products can also be scaled as the organization grows or moves into the cloud. Conjur's Secrets Management System, for example, can monitor, manage and audit identities and permissions across a wide range of IT infrastructures; the same is true of Centrify's Server Suite, which centralizes the creation and granting of role-based privileges across Windows, Linux and UNIX systems. Vendors such as Okta offer identity and access management as a service tools that can make authenticating and managing users in the cloud a lot simpler and less prone to needed oversight because they integrate with existing HR systems. Enterprises who use Amazon Web Services should take advantage of its credential reporting features, which list all users in an account and the status of their various credentials, including passwords, access keys and multifactor authentication devices.
Importance of audits
Even with automated role-assignment technologies, privilege creep can still occur during periods of high staff turnover, if legacy applications are upgraded or replaced, and when new applications or services are rolled out. This means account monitoring and regular audits are essential to find and correct misassigned privileges so user accounts and privileges match with HR's job descriptions. Role-based privileges should be routinely reviewed to ensure the associated privileges are still relevant and required; this should certainly be carried out after any restructuring within an organization. Remember, too, that the sensitivity of data held in different servers and databases can change over time, so access privileges will need to be realigned accordingly.
Staying on top of trusted users and their privileges is not one of IT security's most glamorous tasks, but it does play a significant role in improving the security of an organization's network and cloud environments by reducing privilege creep, and the occurrence of misassigned privileges and their misuse.
Learn how to reduce security incidents by limiting privileged accounts
Find out how to update your IAM strategy to integrate with new technology
Discover why you enterprise should adopt network access control products