How many years has the cybersecurity industry talked about “the password problem”? And how many years has the conclusion always been the same: passwords are one of the weakest links in the cybersecurity chain? They are always either too simple, stolen or lost. Or they become too complex to remember. But everybody has to use them. Right? Think again.
We can’t claim to be able to eliminate all the passwords from the world. But with us, you no longer need them, when your employees or subcontractors access your IT infrastructure where the critical data, customer-facing applications, production environments, hosts and business-critical networks reside in. So privileged users, like your system database administrators, DevOps and software engineers, security architects, Linux and Unix system administrators rejoice: now, you can get and grant access to the lifeblood of your company without having to deal with any type of permanent credentials whatsoever.
Since we at SSH.COM are proud to be listed as a just-in-time, lean privileged access management (PAM) vendor in Gartner’s “Remove Standing Privileges Through a Just-in-Time PAM Approach”, we thought we'd give you an overview of how to reimagine, redefine and revolutionize the way privileged access management (PAM) is approached, accompanied by quotes from our friends at Gartner.
Overview of Standing Privileges and Their Long-standing Issues
Defining Standing Privileges
“The existence of privileged access carries significant risk, and even with PAM tools in place, the residual risk of users with standing privileges remains high. Security and risk management leaders engaged in IAM must implement a zero standing privileges (ZSP) strategy through a just-in-time (JIT) model.” – Gartner
In the times of digital yore, when many existing PAM solutions were designed, the IT infrastructure was static and servers permanent. Fast-forward to the age of the cloud, and there can be hundreds or even thousands of instances spun up every day, even in a medium-sized company. That same number of instances could be eliminated just as quickly and easily.
This is the age of impermanence. Yet many companies and PAM solution providers still use permanent credentials which in Gartner's terms is an example of ‘standing privileges’.
Standing privileges refer to the constant, unfettered access rights granted to users within an IT environment. These privileges are often assigned to facilitate workflow but can inadvertently create security vulnerabilities if not managed correctly. Unlike dynamic access rights, which are time-bound and context-specific, standing privileges are permanent, creating a window of opportunity for malicious actors to exploit.
The Persistence of Standing Privileges in IT Environments
Despite the known risks, standing privileges persist in many IT environments. They are deeply embedded in legacy systems and traditional practices, where the principle of least privilege is often overlooked. This persistence is partly due to the operational convenience they offer, allowing administrators and business users uninterrupted access to systems and data necessary for their roles. However, this convenience comes at the cost of increased security risks.
Security Risks Associated with Standing Privileges
1. Operational Inefficiencies
Standing Privileges are bad for your operational efficiency: you end up constantly creating, managing, hunting and eliminating permanent credentials all the time - in an environment where the back-end is constantly shifting and the 'joiners, movers, leavers' is an always-on process. Just think about the sheer number of audit log files generated per access credential, user, vaulted password, and eliminated credential. We are no longer talking about terabytes of log data per day: it’s terrorbytes!
2. Complexities of Permanent Credential Management
Managing permanent credentials adds a lot of complexity and inertia into the mix simply because managing them often relies on agent-based software that might take months, even years to install. Read more about why you should streamline your PAM deployments and maintenance here.
3. Lateral Movement and Privilege Abuse
Utilizing lateral movement inside a network, a skilled user can self-provision greater levels of privilege and hop from one server to another. Often this means getting access to more valuable and sensitive information than originally intended.
4. The Dangers of Permanent Credentials with 3rd parties
We believe that permanent credentials are a permanent addition to the attack surface for nefarious actors. Privileged credentials are a desirable target for hackers, since they are generally trusted to be in control of highly-privileged users or monitored by one system or another.
Outsourcing has a lot of business benefits but it also means that you have to grant powerful access to people working outside your company. Now if you combine permanent privileged accounts given to 3rd parties and hackers who actively harvest permanent credentials, the potential attack surface increases exponentially. Even when controlled by "PAM basics like vaulting".
It is because you have to trust that:
-
3rd parties have permanent credentials at their disposal only for as long as necessary
-
all permanent credentials are actually discovered, in control, vaulted and their passwords rotated
-
consultants have the least amount of privilege required for the completion of each task to avoid privacy and compliance violations
-
all subcontractors use the credentials responsibly
-
nobody shares credentials with high levels of privilege externally (and further down the supply chain)
-
all activities can be identified and traced back to individual subcontractors
-
nobody accidentally misconfigures permanent credentials or forgets to remove them from the network
Trust alone is not a viable security strategy. Ensuring that third-party partners adhere to stringent security protocols is imperative. By integrating advanced PAM tools that enforce least privilege and automate credential management, organizations can mitigate the risks associated with standing privileges and maintain strong security hygiene.
5. Increased Attack Surface from the Limitation of Legacy PAM
“When personal privileged accounts exist in an environment, even when controlled by a PAM tool, the account and, therefore, the privileges exist, leaving the risk of standing privileges in the environment.” – Gartner.
There it is: if you have standing privileges in the environment, no matter how you manage, rotate or vault them, they constitute a risk. Some of the risks associated with permanent credentials include PAM bypass where the first session is established through a PAM solution as mandated by company security policies but the subsequent logins are actually an entirely different matter.
Legacy PAM vendors often emphasize the importance of rotating and vaulting permanent credentials. The reason might be that their solutions weren’t designed to be cloud-native and they need to retrofit and patch up their solutions to stay relevant. But how can you be sure that all credentials are really accounted for, in rotation and policy-compliant, when they need to be created, eliminated, hunted - and on-boarded to a vault - all the time? The most straightforward solution is not to try to live with powerful and permanent privileges, but to get rid of them entirely! That is true risk mitigation.
The Future of Privilege Management
Zero Standing Privileges (ZSP) Strategy
“By 2022, 40% of privileged access activity will leverage ZSP through JIT privilege elevation, effectively eliminating standing privileges, up from just 10% today.” - Gartner
Adopting a Zero Standing Privileges (ZSP) strategy is a forward-thinking approach to privilege management. It operates on the principle that no user should have permanent access rights within an IT environment. Instead, privileges are granted on an as-needed basis, minimizing the window of opportunity for cyber threats. This approach aligns with the Zero Trust framework, ensuring that trust is never assumed and must always be verified.
Just-in-time (JIT) Model
The Just-in-time (JIT) model complements the ZSP strategy by providing access only at the moment it is required, for a specific duration and purpose. This model drastically reduces the attack vectors available to malicious actors by ensuring that access rights are not left open unnecessarily. JIT access controls support workflows by granting privileges dynamically and revoking them immediately after use.
How SSH's PrivX Secures Privilege Access
“PAM basics like vaulting and session management help mitigate the risk of the existence of privileged accounts. JIT (just-in-time) reduces the risk of privileged access abuse, and ZSP (zero standing privileges) reduces the attack surface of the privileged accounts themselves.“ – Gartner
We understand it is important to address the problems of today but you just can’t ignore the problems of the future either. We know your current and legacy systems won’t disappear overnight so that is why 'on-prem friendly and cloud-native' is our mantra. When you are using any combination of on-premises and multi-cloud systems (AWS, Azure, GoogleCloud), managing access based on permanent credentials can turn into an extremely complicated and time-consuming mess. This, again, is one of the reasons why just-in-time, ephemeral access is gaining popularity.
Ephemeral access without standing privileges is nothing new to us. In 2016, we held a breakfast seminar together with BT Security, and Deloitte, and proudly presented the idea of “Dynamic service provision requires dynamic security thinking” as a precursor to our current JIT enabled solution. The solution itself - called PrivX -was introduced eight months later. We've been saying that PAM solutions need a new approach for quite some time now.
Check out the video below to get an overview of PrivX!
Some highlights include:
-
direct interfacing with your identity management system (IAM/Active Directory/LDAP)
-
role-based access controls (RBAC) linked with authorizations in IAM and automatically updated for any changes
-
SSO for privileged users (software engineers, DevOps, subcontractors, IT architects…)
-
“set it and forget it” for admins – PrivX stays in sync and automatically discovers new hosts
-
ephemeral, credential-less authentication for mitigating the risks associated with standing privileges
-
agentless installation for easy maintenance and lightning-fast deployment
-
consolidated access and view to workloads in multi-cloud (AWS, Azure, GoogleCloud) and on-prem environments
-
lean, micro-services architecture for future-proof scalability
-
“Not an IT project” – minimal training, instant on-boarding, automatic off-boarding and super low TCO
How about thinking beyond “basic PAM methods” and starting your journey towards zero standing privileges (ZSP) and just-in-time (JIT) model - together with us. PrivX brings you one giant step closer to that goal.
You can get the Gartner research here (takes you to the Gartner site).
Discover How PrivX Can Fortify Your Access Rights
PrivX by SSH.COM is a solution that is multi-cloud-native, on-prem friendly and grows at a cloud scale. The cloud forces companies to redesign their application architecture anyway, so we've come up with a PAM architecture that gives you a head start on your journey towards the cloud and carries you to the future as you cloudify even more.
In our solution, access is established using what we call unique, ephemeral certificates that are applied just-in-time (JIT) for authentication and that automatically expire after the connection to the target host has been made. There no longer is the need to rotate, store or worry about permanent credentials, since they have been removed from the equation and are no longer a burden to your operations. In our opinion, ZSP model is not only about security: it's also a matter of business velocity.
Don't just take our word for it; experience the power of PrivX firsthand. Get a demo today and witness the seamless integration, ease of deployment, and immediate impact on your security posture. Our demo will guide you through the functionalities and benefits, tailored to your specific needs. Take the first step towards transforming your access management now.
FAQ
What are the key differences between traditional and just-in-time access models for privileged accounts?
Traditional access models grant continuous access permissions, often leading to security threats from stolen credentials and unauthorized access.
Just-in-time access, on the other hand, allows users to request access only when needed, reducing the cyberattack surface and enhancing cybersecurity measures.
This dynamic model supports compliance reporting and minimizes the risk of breaches by implementing privilege provisioning only for the required time frame.
How does adopting a zero standing privileges (ZSP) strategy enhance cybersecurity?
Zero standing privileges (ZSP) eliminate continuous authentication for administrative accounts, reducing the risk of breaches. By allowing just-in-time access, ZSP minimizes the escalation of privileges and limits the potential for cybersecurity breaches.
What challenges arise from using agent-based software to manage privileged accounts in a cloud environment?
Agent-based software for managing privileged accounts often leads to legacy user groupings and operational inefficiencies. It can cause security threats due to the complexity of privilege provisioning and maintenance. In cloud environments, this can increase the risk of security breaches and complicate compliance reporting, as continuous authentication and monitoring are required to secure user access effectively.
How can organizations eliminate standing privileges to reduce their attack surface?
Organizations can reduce their cyberattack surface by eliminating standing privileges through just-in-time access models. This approach ensures that access permissions are granted only when users request access, minimizing the risk of stolen credentials and unauthorized privilege escalation.
Implementing ZSP and adopting security best practices, such as continuous monitoring and privilege provisioning, further enhances cybersecurity measures and reduces the potential for breaches.
What steps should be taken on the journey to ZSP for effective privileged access management?
To achieve effective privileged access management, organizations should start by auditing all administrative and vendor accounts to identify standing privileges.
Implement just-in-time access to ensure that user access is granted only when necessary. Adopt continuous authentication and monitoring to detect and prevent security threats. Ensure compliance reporting and regular review of access permissions to align with security best practices.
Jani Virkkula
Currently employed by SSH.COM as Product Marketing Manager, Jani is a mixed-marketing artist with a strong background in operator and cybersecurity businesses. His career path of translator->-tech writer -> marketer allows him to draw inspiration from different sources and gives him a unique perspective on all types...