Zero Standing Privileges (ZSP)
What are standing privileges?
Standing privileges is a term that describes broad user access privileges that are essentially “always on.” In other words, a user with standing privileges to critical IT resources always has those privileges, regardless of whether that user actually needs access to those resources at this time, or indeed ever.
Standing privileges run counter to the principle of least privileged access, which is one of the core philosophies of the Zero Trust framework. That principle argues that users should only have access to the exact resources they need to do their job at a given time, and no more than that.
Traditional PAM creates standing privileges
Typically, any organization with network infrastructure, or any critical data or assets, has personal privileged accounts in play: privileged accounts and privileges exist. Traditional PAM tools have relied on the creation of accounts and privileges.
As the need for privileged access provisioning has grown in complex environments, enterprises face challenges in achieving ZSP. Administrative and maintenance access that includes broad privileges, persistent shared accounts, superuser and root accounts, never-offboarded third-party privileges, and password-based access to systems and applications all contribute to the growth of standing privileges.
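As an added illustration (not SSH.COM tooling and not code from this page), the following Python script checks an account inventory for the contributors to standing privileges listed above. The inventory records, field names and audit time are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample inventory; field names are assumptions for this example.
ACCOUNTS = [
    {"name": "root", "kind": "superuser", "shared": True,
     "auth": "password", "expires": None, "contract_ended": None},
    {"name": "alice-admin", "kind": "admin", "shared": False,
     "auth": "certificate", "expires": "2024-05-01T12:30:00+00:00",
     "contract_ended": None},
    {"name": "vendor-maint", "kind": "third_party", "shared": False,
     "auth": "password", "expires": None,
     "contract_ended": "2023-11-30T00:00:00+00:00"},
    {"name": "ops-shared", "kind": "admin", "shared": True,
     "auth": "ssh_key", "expires": None, "contract_ended": None},
]


def findings(account, now):
    """Return the reasons `account` counts as a standing privilege at `now`."""
    reasons = []
    if account["expires"] is None:
        reasons.append("no expiry: privilege is always on")
    elif datetime.fromisoformat(account["expires"]) <= now:
        reasons.append("time-boxed grant expired but was not revoked")
    if account["kind"] == "superuser":
        reasons.append("superuser/root account")
    if account["shared"]:
        reasons.append("persistent shared account")
    if account["auth"] == "password":
        reasons.append("password-based access")
    ended = account["contract_ended"]
    if account["kind"] == "third_party" and ended is not None \
            and datetime.fromisoformat(ended) <= now:
        reasons.append("third-party privilege never offboarded")
    return reasons


def audit(accounts, now):
    """Map each flagged account name to its findings; clean accounts are omitted."""
    report = {a["name"]: findings(a, now) for a in accounts}
    return {name: why for name, why in report.items() if why}


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # constructed audit time
    for name, why in audit(ACCOUNTS, now).items():
        print(f"{name}: {'; '.join(why)}")
```

Only `alice-admin`, whose certificate-based grant expires 30 minutes after the audit time, comes back clean; the other three accounts stay privileged whether or not anyone needs the access.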
The risks of standing privileges
Standing privileges create the risk of excessive access. If user credentials with standing privileges are compromised, a hacker could have unencumbered access to all of the IT resources those credentials can access, at all times. Organizations that are looking to reduce their attack surface and the risk of data breaches, and to achieve compliance, should make it a priority to eliminate accounts that have standing privileges and to move toward a zero standing privilege framework.
What Are Zero Standing Privileges?
Zero Standing Privileges (ZSP) is a term coined by the analysts at Gartner to describe the target state for privileged access in an organization, one that minimizes the risk of stolen credentials, privilege abuse, breaches, data loss and non-compliance.
Gartner's summary of their Remove Standing Privileges Through a Just-in-Time PAM Approach research states: "The existence of privileged access carries significant risk, and even with PAM tools in place, the residual risk of users with standing privileges remains high. Security and risk management leaders engaged in IAM must implement a zero standing privileges strategy through a just-in-time model."
Zero Standing Privileges solutions
SSH.COM has developed a comprehensive set of just-in-time (JIT) Zero Trust solutions that support Gartner's approach for Zero Standing Privileges for user or machine ID authentication. This helps to mitigate the risk of managing digital keys, privileged passwords and other secrets (like API tokens or certificates) by greatly reducing their numbers in IT infrastructures.