One of the most basic things an organization can do to mitigate the risk of a security breach is implement the principle of least privilege (POLP). Read this blog to learn what POLP is and how you can use this principle to strengthen your security posture.
The Principle of Least Privilege Definition
What is the principle of least privilege? The principle of least privilege (POLP), or “principle of least authority,” is a security best practice that requires limiting privileges to the minimum necessary to perform the job or task.
One key aspect of implementing the principle of least privilege security is to limit the access rights of user, admin and computer accounts. For example, an employee who works in sales should not be given access to financial records, and a marketer should not have administrator privileges.
However, the principle of least privilege has broader applicability, including physical access controls for sensitive areas like server rooms and data centers.
Organizations can reap many benefits by implementing POLP practices. These include:
- Better security: POLP can limit the damage from insider threats, including both malicious attacks and errors, since users can access only the IT resources they need to do their jobs.
- Reduced opportunity for privilege escalation: Limiting the number of privileged access accounts makes it harder for third-party attackers to gain access to sensitive data and systems.
- Protection against other attacks: Implementing the principle of least privilege can limit the spread of malware and related threats within the network.
Core Security Practices for Implementing POLP
Three key strategies are especially valuable for implementing the principle of least privilege:
Limit the rights of user accounts
One of the most effective — and yet underutilized — ways to reduce risk is to ensure each user has only the type and level of permissions needed to get their job done. After all, if a user does not have access to sensitive data, they cannot accidentally attach those files to an email or deliberately download them to take to a competitor when they quit. And if an adversary takes over the user’s account, they will have access to only a limited set of IT resources.
Use a just-in-time (JIT) strategy to grant elevated access rights
Just-in-time (JIT) access involves creating new credentials every time a user requests access to a resource. Once the user completes the task, the system automatically destroys those credentials.
JIT is normally used for employees who temporarily need high-level access or access to applications, systems, servers or other IT resources they do not normally use. In particular, organizations can grant just-in-time access to IT team members who need to perform an administrative task, such as resolving a support ticket. Of course, in keeping with a Zero Trust security model, the process should include verifying the identity of the person requesting access.
Aim for zero standing privileges
Zero standing privilege (ZSP) is a privileged access management (PAM) strategy that goes hand-in-hand with JIT. Once you can efficiently grant users elevated access exactly when it’s needed, you can eliminate their “always-on” privileged accounts.
Implementing ZSP can dramatically reduce the attack surface area of your business. Indeed, many organizations today have dozens or even hundreds of accounts with elevated rights to sensitive data and applications. The owners of those accounts — or an attacker who compromises them — could deliberately or accidentally modify critical software settings or delete valuable data. But with zero standing privilege, those accounts lack the necessary elevated rights to do that kind of serious damage. Instead, admins must request the elevated rights they need to complete a specific task.
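To make the JIT and zero-standing-privilege mechanics concrete, here is an added example (not Netwrix code, and not a model of any particular PAM product) of a small access broker. It assumes a constructed role catalogue, a ticket number as the justification for elevation, and an MFA result passed in as a flag standing in for the real identity verification. No account holds elevated rights permanently: access exists only through a time-boxed grant that is destroyed when the task completes or the TTL lapses, and every decision is written to an audit trail.

```python
"""Added example (not Netwrix code): a minimal just-in-time access broker with
zero standing privilege. An admin requests a time-boxed grant tied to a ticket,
the broker checks identity (a constructed MFA flag stands in for the real
verification), issues the grant, and destroys it when the task completes or
the TTL lapses. Every decision is appended to an audit trail."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import secrets

# Constructed role catalogue: the privileges each elevated role carries.
ROLE_PRIVILEGES = {
    "helpdesk_admin": {"reset_password", "unlock_account"},
    "server_admin": {"restart_service", "read_logs"},
}


@dataclass
class Grant:
    grant_id: str
    user: str
    role: str
    ticket: str
    expires_at: datetime


@dataclass
class JitBroker:
    max_ttl: timedelta = timedelta(minutes=60)     # policy ceiling on elevation
    grants: dict = field(default_factory=dict)     # grant_id -> live Grant
    audit: list = field(default_factory=list)      # audit records, oldest first

    def _log(self, event, **fields):
        self.audit.append({"event": event, **fields})

    def request_elevation(self, user, role, ticket, mfa_verified, now, ttl):
        """Issue an ephemeral grant; refuse without MFA, an unknown role, or no ticket."""
        if not mfa_verified:
            self._log("denied", user=user, role=role, reason="mfa_not_verified")
            return None
        if role not in ROLE_PRIVILEGES or not ticket:
            self._log("denied", user=user, role=role, reason="unknown_role_or_no_ticket")
            return None
        ttl = min(ttl, self.max_ttl)                 # never exceed the policy ceiling
        grant = Grant(secrets.token_hex(8), user, role, ticket, now + ttl)
        self.grants[grant.grant_id] = grant
        self._log("granted", user=user, role=role, ticket=ticket,
                  expires_at=grant.expires_at.isoformat())
        return grant

    def is_allowed(self, user, privilege, now):
        """Standing rights are empty: access exists only through an unexpired grant."""
        self.revoke_expired(now)
        for g in self.grants.values():
            if g.user == user and privilege in ROLE_PRIVILEGES[g.role]:
                self._log("allowed", user=user, privilege=privilege, grant=g.grant_id)
                return True
        self._log("blocked", user=user, privilege=privilege)
        return False

    def complete_task(self, grant_id):
        """Destroy the grant as soon as the task is done instead of waiting for the TTL."""
        g = self.grants.pop(grant_id, None)
        if g is not None:
            self._log("revoked", user=g.user, grant=grant_id, reason="task_complete")
        return g is not None

    def revoke_expired(self, now):
        """Sweep grants whose TTL has lapsed; returns how many were destroyed."""
        expired = [gid for gid, g in self.grants.items() if g.expires_at <= now]
        for gid in expired:
            g = self.grants.pop(gid)
            self._log("revoked", user=g.user, grant=gid, reason="ttl_expired")
        return len(expired)


def run_scenario():
    """Walk one admin through the JIT lifecycle; returns the observable outcomes."""
    broker = JitBroker(max_ttl=timedelta(minutes=30))
    t0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)   # constructed clock
    out = {}
    out["standing_access"] = broker.is_allowed("alice", "reset_password", t0)
    out["no_mfa"] = broker.request_elevation(
        "alice", "helpdesk_admin", "INC-1", False, t0, timedelta(minutes=10))
    g = broker.request_elevation(
        "alice", "helpdesk_admin", "INC-1", True, t0, timedelta(hours=5))
    out["ttl_capped_minutes"] = (g.expires_at - t0) // timedelta(minutes=1)
    out["in_scope"] = broker.is_allowed("alice", "reset_password", t0 + timedelta(minutes=5))
    out["out_of_scope"] = broker.is_allowed("alice", "restart_service", t0 + timedelta(minutes=5))
    out["after_expiry"] = broker.is_allowed("alice", "reset_password", t0 + timedelta(minutes=31))
    g2 = broker.request_elevation(
        "alice", "helpdesk_admin", "INC-2", True, t0 + timedelta(minutes=40), timedelta(minutes=10))
    out["early_revoke"] = broker.complete_task(g2.grant_id)
    out["double_revoke"] = broker.complete_task(g2.grant_id)
    out["live_grants"] = len(broker.grants)
    out["audit_events"] = [r["event"] for r in broker.audit]
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Two design points worth noting: `is_allowed` sweeps expired grants before every decision, so a lapsed grant can never be used even if the scheduled cleanup is late, and the requested TTL is clamped to the policy ceiling rather than rejected, so a long request still yields a short-lived credential.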
How to Implement the Principle of Least Privilege
For stronger information security, follow these steps to implement the principle of least privilege (POLP).
Discover
Scan and catalog all systems and directories attached to the corporate network. Enumerate all accounts and the membership of all groups, including all built-in administrative groups.
Regularly review privileges
Regularly review the permissions of all accounts and groups, especially those with privileged access to vital resources such as Active Directory (AD). Ideally, use solutions that enable role-based provisioning of permissions, make it easy for data owners to review the access rights to their data and provide workflows that empower users to request access directly from resource owners.
Monitor
Audit the use of privileged accounts. Ensure that any credentials exposed for any time are rotated after use. Through appropriate control mechanisms, ensure that entitlements are removed when no longer appropriate.
Least Privilege Best Practices
As you implement the principle of least privilege, keep the following best practices and principle of least privilege examples in mind.
Minimize privileges based on the requirements of the user’s role or task
Each user account should enable the user to do what they are required to do as part of their job.
Minimize privileges for non-human accounts such as service accounts
Implement applications in a test environment where you can determine exactly what permissions the service account needs. Some vendors say that administrative access is required even when lesser permissions are sufficient. In addition, be sure to change the default credentials for service accounts.
Perform periodic access reviews to ensure that the principle of least privilege is being followed
It is common for employees to change roles or departments — but what’s less common is for their access rights to be properly adjusted upon each change. Employees often build up a large set of privileges over time, and it’s important to remove unneeded privileges to reduce risk to your systems and data.
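The discover, review and monitor steps above and the periodic access review just described come down to the same three checks, so here is one added example (not Netwrix code) that runs them over a constructed directory export and audit log. It assumes a group-to-members map in which groups can be nested inside other groups, a role baseline listing the groups each role legitimately needs, and a simple line-per-event audit log; all of the names and events are constructed for illustration.

```python
"""Added example (not Netwrix code): an access-review pass over a constructed
directory export. It (1) discovers who effectively holds privileged rights by
expanding nested group membership, (2) compares each account's groups against
the baseline for its current role to surface privilege creep, and (3) checks a
constructed audit log for privileged sessions with no credential rotation
recorded afterwards."""
from collections import defaultdict

# --- Constructed directory export: group -> direct members (users or groups) ---
GROUP_MEMBERS = {
    "Domain Admins": {"adm-carol", "Server Ops"},     # a group nested in a group
    "Server Ops": {"adm-bob", "Helpdesk"},            # and another level below it
    "Helpdesk": {"alice", "dave"},
    "Finance": {"erin", "dave"},
    "Sales": {"frank"},
}
BUILT_IN_PRIVILEGED = {"Domain Admins"}

# Constructed role baseline: the groups a role legitimately needs.
ROLE_BASELINE = {
    "domain_admin": {"Domain Admins"},
    "server_admin": {"Server Ops"},
    "helpdesk": {"Helpdesk"},
    "finance": {"Finance"},
    "sales": {"Sales"},
}
# Constructed current role per account (dave moved from finance to helpdesk).
ACCOUNT_ROLE = {"adm-carol": "domain_admin", "adm-bob": "server_admin",
                "alice": "helpdesk", "dave": "helpdesk",
                "erin": "finance", "frank": "sales"}


def expand_members(group, members=GROUP_MEMBERS, _seen=None):
    """Return every user account that is an effective member of `group`."""
    _seen = _seen if _seen is not None else set()
    if group in _seen:                 # guard against group cycles in the directory
        return set()
    _seen.add(group)
    users = set()
    for m in members.get(group, ()):
        if m in members:               # member is itself a group: recurse into it
            users |= expand_members(m, members, _seen)
        else:
            users.add(m)
    return users


def discover_privileged(members=GROUP_MEMBERS, privileged=BUILT_IN_PRIVILEGED):
    """Step 1 (discover): account -> built-in admin groups it effectively belongs to."""
    found = {}
    for g in privileged:
        for user in expand_members(g, members):
            found.setdefault(user, set()).add(g)
    return found


def direct_groups(members=GROUP_MEMBERS):
    """Invert the export: account -> groups it is a direct member of."""
    inv = defaultdict(set)
    for g, ms in members.items():
        for m in ms:
            if m not in members:       # skip nested groups, keep user accounts
                inv[m].add(g)
    return inv


def review_excess(members=GROUP_MEMBERS, roles=ACCOUNT_ROLE, baseline=ROLE_BASELINE):
    """Step 2 (review): groups an account holds beyond what its current role needs."""
    inv = direct_groups(members)
    excess = {}
    for user, groups in inv.items():
        extra = groups - baseline.get(roles.get(user), set())
        if extra:
            excess[user] = sorted(extra)
    return excess


# --- Constructed privileged-session audit log, one event per line ---
AUDIT_LOG = """\
2024-03-01T08:00:00Z session_start account=adm-carol ticket=CHG-101
2024-03-01T08:40:00Z session_end account=adm-carol
2024-03-01T08:41:00Z credential_rotated account=adm-carol
2024-03-01T09:00:00Z session_start account=adm-bob ticket=CHG-102
2024-03-01T09:30:00Z session_end account=adm-bob
"""


def unrotated_credentials(log=AUDIT_LOG):
    """Step 3 (monitor): account -> time its credential was last exposed without a
    rotation event recorded afterwards."""
    exposed = {}
    for line in log.splitlines():
        ts, event, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        acct = fields["account"]
        if event == "session_start":
            exposed[acct] = ts                 # credential has been used: needs rotation
        elif event == "credential_rotated":
            exposed.pop(acct, None)            # rotation closes the exposure window
    return exposed


if __name__ == "__main__":
    print("effective admins:", discover_privileged())
    print("privilege creep:", review_excess())
    print("needs rotation:", unrotated_credentials())
```

On this constructed data the discovery step shows why enumerating built-in groups matters: nesting Helpdesk under Server Ops under Domain Admins quietly makes two helpdesk users domain admins, which a look at direct membership alone would miss. The review step flags dave's leftover Finance membership from his previous role, and the monitor step flags adm-bob's session with no rotation after it.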
Related Best Practices
Implementing the principle of least privilege is a great way to reduce your attack surface area and enhance security. However, be sure to round out your security strategy with these other key best practices:
Use privileged accounts only when needed for the task at hand.
Each admin should have a user account with standard privileges to read email, browse the internet and so on. They should log on with credentials that grant elevated privilege only when they need to perform administrative tasks.
Audit the activity of all accounts, especially privileged accounts.
You must be able to track and analyze when and how users authenticate, which tasks they perform, and the specific changes they make in the environment.
Implement multifactor authentication for IT administrative accounts.
Administrators should be required to authenticate normally (such as with their user ID and password), and then complete a second step using a different authentication mechanism (such as a hardware token or fingerprint) every time they want to perform administrative tasks.
How Netwrix Can Help
Netwrix privileged access management software empowers you to replace standing privileged accounts with just-in-time privileged access. Netwrix PAM solutions can help your organization:
- Reduce security risks — When an admin needs elevated rights to perform a particular task, you can either create an ephemeral account with the necessary permissions or temporarily elevate the permissions for the user’s existing account. In either case, the elevated access disappears immediately once the task is complete, leaving no standing account for an adversary to compromise or the owner to misuse.
- Secure privileged access — Validate identities in accordance with Zero Trust principles by enforcing contextual multifactor authentication (MFA) for each privileged session using granular policies tailored to specific actions and resources.
- Spot improper privileged activity — Closely monitor all privileged account activity and be alerted immediately about suspicious behavior, both on premises and in the cloud.
- Minimize your attack surface with automatic cleanup — Mitigate the risk of Pass-the-Hash, Golden Ticket and related attacks with automatic purging of Kerberos tickets after each privileged session.
Frequently Asked Questions
What are the three principles of least privilege?
The three principles of least privilege are:
- Confidentiality: Keeping digital data secret, which involves ensuring that only authorized users have access to specific assets
- Integrity: Ensuring that data is authentic, correct and reliable because it has not been tampered with
- Availability: Ensuring that authorized users have reliable and timely access to IT resources when needed
Together, these principles are known as the CIA triad. They should be the cornerstone of every company’s security strategy.
What is an example of least privilege?
With least privilege, each user in an organization has access to only the resources they need to do their job. For instance, the sales teams at a software development company do not have access to the code that the developers are building, and the developers do not have access to the customer information that the salespeople need to contact prospects and close deals.
Why is the principle of least privilege important?
Implementing the principle of least privilege reduces a company’s attack surface by limiting the IT resources that a user — or an adversary with compromised credentials — can access.