Saviynt Blog | Security News and Research

How Privileged Access Works with Zero Trust

Written by MJ Kaufmann | Dec 3, 2020 8:00:00 AM

New technology demands new ways of thinking. When the car replaced the horse as the standard mode of transportation, city planners had to rethink roadways and logistics completely. If they hadn’t, the new technology wouldn’t have been usable. 

Data security based on standing privilege worked well when everyone was using on-prem servers and VPNs. But now that networks have moved to the cloud, standing privilege creates undue risk. Employees with privileged access can become disgruntled or be fooled by phishing attacks. And hackers can steal credentials more easily with advanced technology and constantly changing methods. The problem isn’t a small one — 74% of today’s data breaches involve compromised privileged access credentials.

Zero Trust solves this issue by eliminating standing privilege. No one has automatic trust. Every user (human and non-human) must request privileged access each time they want into a system, database, or application. And when access is granted, it’s time-limited. As a result, Zero Trust significantly reduces the damage that access violations can cause. 

Let’s look at how Zero Standing Privilege protects organizations.

What is Zero Standing Privilege?

Traditional approaches to access management attempt to protect identities that have permanent privileges. But as we’ve seen, modern techniques (such as social engineering, phishing, and keyloggers) allow attackers to swipe these identities too easily. Rather than focus on risk mitigation, why not eliminate the risk caused by standing privilege?

Just-in-Time and Just-Enough Access

Zero Trust replaces always-on privilege with least-privileged access, also called just-in-time or just-enough access. When a user requests privileged access, they’re granted it only if the request meets a set of criteria indicating it’s a standard one. And the user is given access to only what they need to complete the job — for a specific length of time necessary to complete the task. When the user has finished the task, they lose their access privileges. 

What About Admins?

Admin credentials with standing privilege are especially dangerous because hackers can gain access to an entire infrastructure — or steal an entire data warehouse of information — if they get control of a single admin account. With Zero Trust, no one has standing privilege, even admins. They also must request access and receive a temporary job-based identity to access what they need.

View the full KC Live Keynote Cloud PAM on the Rise: The Future is Now.

How Just-in-Time Privileged Access Works

Let’s dive deeper into the process of how just-in-time access is granted. 

  1. First, a user requests privileged access to a server, device, database, or application. 
  2. AI or an automated system evaluates the request based on a predetermined policy and/or a set of criteria based on analytics. 
  3. If the request is deemed standard and appropriate, the user gets automatically approved for time-limited access to the specific data or area needed to perform the task. (The time period may last a few minutes, days, weeks, or months, however long is necessary to complete the job.) 
  4. Once the user finishes the task or the time expires, the access identity (specific to that job) is disabled.

What If the Request is Unusual?

If, on the other hand, the request looks suspicious, the access management or identity governance system flags it. At that point, an administrator must evaluate the request and make a decision either to grant or deny access. Because the process is automated until a flag appears, administrators don’t face an excessive burden related to evaluating requests (as long as you’re using a high-quality, comprehensive identity governance solution that can carry the weight).
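
The four-step flow above and the flagging path, as an added example that is not Saviynt's code: a small Python broker that auto-approves a request when it matches a constructed policy, bounds the grant in time, holds anything unusual for an administrator, disables the grant on expiry or task completion, and records every outcome in an audit trail. The policy, users, resources and timestamps are all constructed for illustration.

```python
"""Toy just-in-time (JIT) access broker walking through the four steps above.
Added example, not Saviynt's code; policy, users and resources are constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed policy: (role, resource) -> longest duration that counts as "standard".
POLICY = {
    ("dba", "orders-db"): timedelta(hours=4),
    ("sre", "prod-web-01"): timedelta(hours=1),
}

@dataclass
class Broker:
    grants: dict = field(default_factory=dict)   # (user, resource) -> expiry time
    flagged: list = field(default_factory=list)  # requests held for an admin decision
    audit: list = field(default_factory=list)    # who, what, when, outcome
    def request(self, user, role, resource, duration, now):
        """Steps 1-3: a request that matches policy is auto-approved for a bounded
        time; anything else is flagged for a human to grant or deny."""
        limit = POLICY.get((role, resource))
        if limit is None or duration > limit:
            self.flagged.append((user, role, resource, duration))
            self.audit.append((now, user, resource, "FLAGGED"))
            return "flagged"
        self.grants[(user, resource)] = now + duration
        self.audit.append((now, user, resource, f"GRANTED for {duration}"))
        return "granted"
    def can_access(self, user, resource, now):
        """Step 4: access is honoured only until expiry; then the grant is removed."""
        expires = self.grants.get((user, resource))
        if expires is None:
            return False                     # never granted, or already revoked
        if now >= expires:
            self.release(user, resource, now, "EXPIRED")
            return False
        return True
    def release(self, user, resource, now, reason="TASK DONE"):
        # Step 4, early path: the user finishes and the job-specific identity is disabled.
        self.grants.pop((user, resource), None)
        self.audit.append((now, user, resource, reason))

def run_demo():
    """Standard request auto-approved then expiring; an off-policy request flagged."""
    b, t0 = Broker(), datetime(2020, 12, 3, 8, 0)
    out = [b.request("alice", "dba", "orders-db", timedelta(hours=2), t0)]
    out.append(b.can_access("alice", "orders-db", t0 + timedelta(hours=1)))
    out.append(b.can_access("alice", "orders-db", t0 + timedelta(hours=3)))
    out.append(b.request("bob", "dba", "prod-web-01", timedelta(minutes=30), t0))
    out.append(b.can_access("bob", "prod-web-01", t0))
    return out, b
```

The returned audit list is the "who accessed what, when, and for how long" record the post describes; the flagged list is the administrator's review queue.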


Find out more about how Saviynt facilitates Zero Trust and implements Zero Standing Privilege through our Cloud Privileged Access Management Solution.

Zero Standing Privilege Provides Improved Access Tracking

One of the benefits of Zero Trust is improved tracking of access. By default, you maintain a full audit trail of privileged activities, so you can easily identify who accessed what, when, and for how long. Besides allowing you to identify misuse quickly, this log helps you to meet compliance requirements without hassle.

Answering Current Security Threats

When your network does encounter a security threat, Zero Trust security architecture protects you. For example, if a disgruntled employee decides to look for customer data they shouldn’t have, their just-in-time/just-enough access privilege won’t allow them to leave the perimeter assigned to their identity. Additionally, repeated access requests and excessive data collection attempts are likely to flag the behavior as anomalous or risky. But external attacks make up the bulk of breaches — in fact, according to the Verizon 2020 DBIR, 55% of data breaches involve financially motivated organized crime. When a hacker or malware like CryptoLocker attempts an attack using compromised credentials, an automated or AI-driven system based on Zero Standing Privilege will immediately flag the request and block access. Even if a bad actor does gain access using active credentials, minimal damage occurs because access is limited.

Standing Privilege is a Wide-Open Door for Attackers

In the age of the cloud, standing privilege is no longer a workable security paradigm. The difficulty and cost of managing and protecting standing privilege credentials in today’s cloud environments are simply too great. Zero Trust and Zero Standing Privilege eliminate the risk involved in standing privilege by completely doing away with always-on privileges, leading to cost savings and better protection. 

Learn how the risk of privileged access in the cloud differs from traditional PAM security challenges in this webinar on Securing and Governing Privileged Access at Scale in a Cloud-native World.