For as long as there have been shared resources, access to them has been granted selectively. Modern cybersecurity solutions are no different. At some point in our technological history, system administrators started using templates for creating users and assigning access to resources. Although these templates were often built from an open-access point of view, when correctly configured they could be an efficient form of security. Unfortunately, this also meant that administrators with limited knowledge could create template profiles for user accounts based on outdated blacklists. A blacklist-based security system typically relies on an administrator to add limitations to user accounts; everything else is implicitly allowed.
There are several reasons why this methodology has been abandoned in recent years. The primary reason is human nature: administrators using this method are prone to oversights. In cybersecurity, such oversights can, and often do, end in devastating data breaches when malicious actors exploit them. This is where the concept of least privilege access comes in. Where a blacklist environment starts by allowing everything except what the blacklist rules forbid, a whitelist (least privilege) environment does the opposite: it starts by disallowing all rights to all parties.
The essential principle behind least privilege is that users, programs, and any associated processes should only be given access to the bare minimum they need to operate effectively. A good example is a user whose access to certain tables in a system database is limited based on their role. If the user does not need access to tables containing financial information, they are not given access to the whole database. With least privilege, their access is narrowed to include only the bare minimum they need. Applying least privilege can also be automated with vendor tools.
This principle applies to programs and their processes too. For example, if a program needs access to a certain network drive, it is granted access to that one drive and none of the others. By default, the program and its associated services start with access to nothing. It is then the responsibility of the administrator to approve and allocate access to the required resources.
There are numerous benefits to applying this kind of access paradigm.
First and foremost, least privilege offers far better security than its predecessor. Under the previous paradigm, many users were given administrative rights on their devices and therefore a much larger internal footprint. Through an elementary shift, such as not giving every person administrative rights on their workstation, the efficacy of network security can be increased considerably.
Least privilege also reduces the possible attack surface of networked systems and cloud environments. If an organization has 100 user accounts with access to its resources and few or none of those accounts have administrative clearance, malicious actors who gain access to some of the user accounts would be able to do little in the networked environment.
Having a system thoroughly locked down through least privilege also adds some protection against the unwanted spread of malware. Since malware runs with the privileges of the account it compromises on its host, the chances of it spreading across an entire organization are greatly reduced.
Are there any drawbacks though, or is this the silver bullet all online industries have been looking for to solve all their cybersecurity risks?
The greatest risk that exists with least privilege is human nature. When a user needs additional access for a limited period, such access can be granted when needed. The issue arises when an administrator does not revoke that access once the need has passed. Forgotten temporary access is what might facilitate a data breach. Least privilege, although extremely effective, remains dependent on correct implementation.
The best way to see how effective least privilege is, is to look at how the industry leaders implement it. AWS uses Identity and Access Management (IAM), which allows administrators to create policies and permissions that can then be applied to user accounts. This process can be refined with vendor tools like IAM Access Analyzer. This tool scans and actively monitors user accounts for least privilege configuration anomalies, allowing administrators to adjust user privileges where necessary.