If we agree that standing privilege is defined as accounts having persistent privileged access, for all time, on some set of systems, then zero standing privilege is the exact opposite. It is the purest form of just-in-time administrator access, ensuring that the principle of least privilege is enforced by granting authorized users the privileged access they need for the minimum time and with only the minimum rights they need. The elimination of standing privilege through zero standing privilege is a key inflection point in how privileged access is understood today.
This figure outlines the risk exposure of an account with standing privileges versus an account in a Zero Standing Privilege environment:
As mentioned above, the first step to addressing standing privilege is understanding what administrator credentials exist. There are two key components to measuring standing privilege successfully. The first component is the ability to discover and identify persistent accounts across workstations and servers and to map out admin access on a system-by-system basis:
Example chart describing the number of admin credentials in an enterprise environment – 21M admin rights across ~50K systems
The second component is the ability to measure changes to access over time. As mentioned in previous sections, admin rights can change for many different reasons. New members are always added as help desks and administrator teams grow. However, old members who leave their teams or the company are not always removed in a timely fashion.
Example - the number of admin credentials in an enterprise environment – 21M admin rights across ~50K systems
The first step to remediating standing privilege is to “stop the bleeding” by ensuring that new rogue administrator accounts are not created and that existing ones are not bifurcated. It is critical that firms have the ability to do this across all types of systems (Windows, Mac, Linux) and all types of access (local, group, domain).
Once the “bleeding” has stopped, the next step is to review the access identified in step 1 and determine which accounts are authorized and which are not (and on which system(s)). Unauthorized access should then be revoked, ideally in bulk, to quickly mitigate the risk of one of those accounts being compromised.
The last step to achieving Zero Standing Privilege is to shift administrators into a just-in-time mode that allows them to gain access to the systems they need in order to perform required tasks, but only for the right time frame and only to the right system(s). Access should be revoked once the work is complete and only provisioned again (limited to the right system for the right time frame) when it is needed.
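As an added illustration of the measurement and remediation steps above (example code written for this page, not the author's or any vendor's tooling), the snippet below flattens two discovery snapshots of local admin group membership into (account, host) pairs, reports which rights are standing (present in every snapshot), shows the drift between snapshots, and lists which just-in-time grants have passed their window and must be revoked. All hostnames, account names, timestamps and the JIT grant structure are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed discovery output: host -> accounts in its local admin group,
# captured at two points in time. Names and hosts are made up for the example.
SNAPSHOT_T0 = {
    "ws-001": {"CORP\\helpdesk-grp", "CORP\\alice", "ws-001\\Administrator"},
    "ws-002": {"CORP\\helpdesk-grp", "CORP\\bob"},
    "srv-db1": {"CORP\\dba-grp", "CORP\\alice"},
}
SNAPSHOT_T1 = {
    "ws-001": {"CORP\\helpdesk-grp", "CORP\\alice", "ws-001\\Administrator", "CORP\\contractor9"},  # new, unreviewed admin right
    "ws-002": {"CORP\\helpdesk-grp"},          # bob removed after leaving the team
    "srv-db1": {"CORP\\dba-grp", "CORP\\alice"},
}

def admin_rights(snapshot):
    """Flatten a snapshot into (account, host) pairs: one pair per admin right."""
    return {(acct, host) for host, accts in snapshot.items() for acct in accts}

def standing_privilege(*snapshots):
    """Admin rights present in every snapshot, i.e. persistent (standing) privilege."""
    return set.intersection(*(admin_rights(s) for s in snapshots))

def access_drift(before, after):
    """Per-host admin rights added and removed between two snapshots."""
    drift = {}
    for host in set(before) | set(after):
        added = after.get(host, set()) - before.get(host, set())
        removed = before.get(host, set()) - after.get(host, set())
        if added or removed:
            drift[host] = {"added": added, "removed": removed}
    return drift

@dataclass(frozen=True)
class JitGrant:
    # A just-in-time admin grant: one account, one host, a fixed time window.
    account: str
    host: str
    granted_at: str   # ISO-8601 timestamp
    ttl_minutes: int

# Constructed grants issued by a hypothetical JIT broker.
JIT_GRANTS = [
    JitGrant("CORP\\alice", "srv-db1", "2024-01-01T08:00:00", 120),
    JitGrant("CORP\\bob", "ws-002", "2024-01-01T11:30:00", 60),
]

def grants_to_revoke(grants, now_iso):
    """Grants whose window has elapsed at now_iso; these must be revoked."""
    now = datetime.fromisoformat(now_iso)
    return [g for g in grants
            if now >= datetime.fromisoformat(g.granted_at) + timedelta(minutes=g.ttl_minutes)]
```

Running the same two functions over a full fleet of snapshots is what produces the "admin rights across systems" count and the added/removed trend the charts above describe.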
Michael Kelley, Gartner
Remove Standing Privileges Through a Just-in-Time PAM Approach
It is encouraging to see that the market has started to recognize standing privilege as a key risk that needs to be addressed, and that vaulting secrets and rotating local admin passwords on critical servers are not sufficient. Attackers are targeting workstations as the low-hanging fruit and using the admin access available from those workstations to spread across networks.
The credential has become a commodity that will be breached. So, focus and spend need to start shifting towards the access the credentials provide. As an industry, if we do not take a Zero Standing Privilege stance in our environments, stolen credentials will remain the attacker's low-hanging fruit and continue to contribute to 80% of data breaches.