If you were going on vacation and hiring someone to watch your house, would you leave them your spare key? Or would you give them your full set of house and car keys, several credit cards, and your social security card?
The answer should be obvious. Of course you wouldn’t give a stranger keys to your whole kingdom. In fact, especially savvy clients may spend time figuring out the very least access they could give a house sitter without interfering with their job.
The idea of giving employees the lowest-possible access to do their jobs is called the principle of least privilege (PoLP), and it’s just as important in business environments as it is in your own home. PoLP is an essential component of privileged access management (PAM). In this article, you’ll learn what least privilege is and why it needs to be a part of your organization’s security strategy.
Definition of Least Privilege
To get started, let’s get a clear idea of what PoLP entails. Least privilege is the concept of giving users the least possible access to company resources like servers, applications, and devices, without interfering with their job. It’s a balance between maintaining the highest standards of security and preserving productivity.
Least privilege is also an integral part of a holistic privileged access management (PAM) security strategy. PAM is the overall framework of how your company manages and secures privileged accounts and devices (that is, accounts with more than average clearance or access). It’s made up of two main principles: least privilege and privileged access.
It’s important to note that while least privilege is most commonly used in the context of user accounts, it’s not exclusive to managing employee identities. PoLP can — and should — also be used to manage networks and devices.
Privileged vs. Non-Privileged Accounts
While least privilege in the context of PAM is about managing privileged accounts, the term itself is not superuser-exclusive. Every employee, regardless of account type, should be given minimum necessary access to company resources. But what that access looks like will differ depending on account type.
- Privileged accounts (sometimes called superuser accounts) have access above and beyond the standard user options. Think administrator overrides, the ability to access sensitive or classified company information, or the ability to remotely push updates to multiple user devices. These accounts may belong to executive leadership or IT teams.
- Non-privileged accounts (sometimes called standard accounts) have only basic access to the servers and applications necessary to do their job. While a non-privileged user in marketing may have fuller access to Adobe Creative Suites than an accountant, neither of them can use administrative overrides in their applications. This is the “typical” employee account, and in a normal organization, 85-90% of all accounts should be non-privileged.
Note that though privileged and non-privileged accounts are different, the principles of least privilege should be applied to all user accounts in your organization, not just privileged ones.
Least Privilege Examples
Using our example of the house sitter from the intro, let’s take a closer look at least privilege in action. Say that all your house sitter needs to do every day is water your plants. Normal privilege may be giving them a garage door opener or keys to your house. But least privilege challenges you to be even more secure.
Instead of giving the sitter whole-house keys, what if you only gave them a key to the greenhouse in your backyard, and before going out of town you moved all your houseplants into the greenhouse? This gives them access to do what you’re paying them for, but no more.
Now, let’s apply PoLP to businesses. Check out the three examples below.
- An in-house IT administrator’s account is privileged, since they can access the underlying tools that manage user passwords, remote overrides, and software updates. But least privilege ensures that that account can’t access sensitive financial info or employee files.
- A CFO’s account is privileged, since he or she can access all company financial documents, spreadsheets, and servers. But under least privilege, even the CFO can’t access IT admin resources.
- An externally contracted web designer may still have a privileged account if they have access to the back end of the company website. But the principle of least privilege will ensure they can’t access any employee-only resources or information.
Notice a similarity in all three of these examples: least privilege doesn’t keep any of these people from doing their job. If anything, least privilege acts as guardrails to keep them focused on their scope, and nothing else.
Importance of Least Privilege
To understand least privilege is to appreciate its value. But the importance extends far beyond increasing your organization’s security posture. PoLP also offers users a more focused, streamlined experience, and makes it easier for your company to prove compliance.
Decreased Risk of Cyberattacks
Let’s get the obvious one out of the way: least privilege ensures the fewest people possible have access to your company’s most sensitive apps and data. And the fewer people who can access it, the fewer opportunities cybercriminals have to compromise an identity.
This is especially important in the remote-first business environments many of us now work in. According to Verizon’s 2021 Data Breach Investigations Report, 61% of all data breaches in 2021 happened due to compromised credentials. And these attacks are becoming more and more common. In fact, according to the Identity Theft Resource Center, the number of breaches in the first nine months of 2021 already exceeded the total number of reported events in 2020 by 17%.
While implementing least privilege in itself doesn’t guarantee your company will be safe from cyberattacks, it does significantly reduce the damage a criminal can inflict.
Streamlined User Experience
Far from keeping employees from doing their jobs, least privilege can actually improve productivity. Let’s go back to our house sitter example again. If you were the house sitter, would it be easier for your client to hand you one key to the greenhouse, with a map to every plant you need to water and specific instructions, or a large ring of keys that opens many doors to plants scattered throughout the house, and no instructions?
Most of us would choose the former. Having access to only what you need can reduce the amount of noise you have to sift through to carry out a task. Similarly, locking down unnecessary user privileges can make it easier for employees to learn your applications and to do their jobs, when they only have access that is essential to their work.
Easier to Monitor Compliance
If you don’t decide to use least privilege practices voluntarily, you may ultimately be forced to anyway, in order to remain compliant with certain government or industry requirements.
Many governments and organizations require their members to implement least privilege as part of ensuring their data’s safety and security. Having an airtight PoLP strategy already in place makes demonstrating compliance easy, because it gives you a clear way to log and track all privileged account access and activity. Minimizing these privileged users makes for an even simpler, more streamlined compliance log, since fewer privileged users to track means less chance for mistakes to happen.
Implementing Least Privilege
If least privilege is a foreign concept at your company, implementing it may take an initial investment of time or training. But the increased security and peace of mind are sure to pay dividends in the long run. Our advice? Take things one step at a time.
Step 1: Audit Current User Privileges
The first step to least privilege implementation is getting a complete picture of your current users’ privileges. This means auditing the whole system to understand who has what access to which applications, servers, and devices.
Be especially cognizant of privilege creep in this step, which is when an account is granted privileged access, but that access is not taken away once the task is performed. In a complex environment without a cloud-based security software to easily track, provision, and deprovision privileges, it’s highly likely some accounts have access they no longer need.
Step 2: Remove Unnecessary Privileges and Use Segmentation to Reassign Access
Once you’ve identified which accounts are over-privileged, it’s time for the hard part: take those privileges away. The easiest way to do this is to revert all accounts back to basic access, and then segment higher-clearance users to quickly get their access back. While this may pose an initial inconvenience for users, it’s the best way to ensure you’ve caught all privilege creep.
With modern user management technology like JumpCloud, you can easily segment user groups based on job role. For example, you can assign higher privilege access to all executive leadership, or enable all users with a certain IT admin clearance level higher access to their applications and resources.
For the highest-clearance superusers, consider privileging these accounts individually instead of assigning batch privileges. For example, an “all accountants” group may be able to access payroll and taxes, but only the CFO may need privileged access to the business’s cash flow error spreadsheet.
Step 3: Default to Least Privilege in Future and Keep Monitoring
Setting up user groups makes it much easier to onboard new employees into your least privilege organization, but this isn’t a “set it and forget it” process. You must continuously monitor user accounts and access, especially privileged accounts, to ensure you can catch issues before they become big problems. Review activity and access logs at least weekly to check for unusual activity, like failed login attempts or requested changes to access.
You also need to monitor privileges on a larger scale. We recommend performing a least-privilege audit at least quarterly to ensure all accounts have what they need for their current roles, and nothing else. This is particularly important for any employees whose job descriptions may have grown or changed, or who moved to new roles within the organization.
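The audit, removal and re-check cycle from Steps 1 to 3, as an added example run over constructed data (it is not from the original article and is not JumpCloud code). The role baselines, user names, entitlement names and the 90-day staleness threshold are assumptions chosen for illustration.

```python
from datetime import date

# Constructed sample data: users, roles, entitlements and dates are hypothetical.
TODAY = date(2024, 6, 1)
ROLE_BASELINE = {                       # Step 2: access segmented by job role
    "accountant": {"payroll", "taxes"},
    "it_admin": {"password_reset", "software_updates"},
    "marketing": {"design_suite"},
}
INDIVIDUAL_GRANTS = {"cfo_dana": {"cash_flow"}}   # per-user superuser grants
ACCOUNTS = [  # grants map entitlement -> date last used (None = never used)
    {"user": "cfo_dana", "role": "accountant", "grants": {
        "payroll": date(2024, 5, 28), "taxes": date(2024, 5, 2),
        "cash_flow": date(2024, 5, 30)}},
    {"user": "acct_lee", "role": "accountant", "grants": {
        "payroll": date(2024, 5, 20), "taxes": date(2024, 1, 10),
        "password_reset": date(2023, 11, 3)}},     # left over from a one-off task
    {"user": "mkt_sam", "role": "marketing", "grants": {
        "design_suite": date(2024, 5, 31),
        "software_updates": None}},                # kept after a role change
    {"user": "it_ravi", "role": "it_admin", "grants": {
        "password_reset": date(2024, 5, 30),
        "software_updates": date(2024, 5, 15)}},
]

def audit(accounts, today, stale_after_days=90):
    """Step 1: list (user, entitlement, reason) for every grant to review."""
    findings = []
    for acct in accounts:
        # Unknown roles get an empty baseline, so every grant is flagged.
        allowed = (ROLE_BASELINE.get(acct["role"], set())
                   | INDIVIDUAL_GRANTS.get(acct["user"], set()))
        for ent, last_used in sorted(acct["grants"].items()):
            if ent not in allowed:
                findings.append((acct["user"], ent, "outside-role"))
            elif last_used is None or (today - last_used).days > stale_after_days:
                findings.append((acct["user"], ent, "stale"))
    return findings

def remediate(accounts, findings):
    """Step 2: return a copy of the accounts with flagged grants removed."""
    flagged = {(user, ent) for user, ent, _ in findings}
    return [{**a, "grants": {e: d for e, d in a["grants"].items()
                             if (a["user"], e) not in flagged}}
            for a in accounts]

if __name__ == "__main__":
    for finding in audit(ACCOUNTS, TODAY):
        print(finding)
```

Re-running `audit` on the output of `remediate` is the Step 3 check: an empty result means every remaining grant is covered by a role baseline or an individual approval and has been used within the threshold.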
Least Privilege and Cloud Security: the Gold Standard
A successful PoLP strategy is the perfect balance between security and productivity. Employees have what they need to do their job, with established guardrails in place to reduce the chance of cyberattacks and user error. But the key to least privilege working is constant monitoring, which can represent a significant workload for an already overburdened IT organization. That’s where cloud directory platforms like JumpCloud come in.
A modern cloud directory platform offers an efficient, combined approach to least privilege by converging directory services, privileged account management, directory extensions, web app single sign-on (SSO), and multi-factor authentication into one optimized SaaS-based solution.
These platforms offer centralized privileged identities instantly mapped to IT resources like devices, applications, and networks, regardless of platform, provider, location, or protocol. They also leverage multiple protocols such as LDAP, RADIUS, SAML, and SCIM so IT admins can seamlessly provision and deprovision, while users have secure, frictionless access to their resources.
If you’re interested in learning more about how to implement a least privilege solution, drop us a note. We’d love to chat about how you can leverage JumpCloud’s Cloud Directory Platform, or try it yourself by signing up for a free account. Your first 10 users and 10 systems are free. If you have any questions, access our in-app chat 24×7 during the first 10 days and a customer success engineer will be there to help.