Defining Least-Privilege Cybersecurity for Today’s Global Businesses Landscape

As attackers continue to target passwords and other credentials to infiltrate organizations, IT and security teams must continue to protect these privileges. One of the top ways to secure these privileges is by instituting a least-privilege cybersecurity policy. This approach limits the exposure of credentials and reduces cyber risk by decreasing accessibility. Literally, this policy enables only the least amount of privilege needed, avoiding the granting of access to personnel who don’t need such access. Therefore, this limits the number of users with privileged access to credentials and accounts — and less users means less vulnerable endpoints.

Knowing that 80 percent of cybersecurity breaches involve the compromising of credentials, this protection is not just necessary — it’s vital.

These credentials enable access to organizations’ critical resources: services, applications, data and systems. These exist all over IT environments and are often taken for granted since access to them is part of the day-to-day task for many users. Few realize just how serious the credentials and the accounts and privileges they grant access to are within an organization. Attackers know this and the potential power they can gain if they are able to compromise the credentials — which is why they so often target these credentials.

Implementation of a least-privilege cybersecurity policy can dramatically shrink the attack surface, starting with the adoption of a zero-trust model.

Beginning with Zero-Trust

The zero-trust concept assumes that any user who attempts to access the organization’s network, services, applications, data or systems starts can’t be trusted and therefore is denied access. To gain authorized access, “trust” must be earned by the prospective user through verification. For example, verification can require two-factor authentication. In this instance, a user provides a password but then must take an additional step by using an authentication application. When new devices are introduced on the network — and before they obtain access to any resources — they must first identify and verify themselves based on security controls. The more sensitive the resources to be accessed, the more security controls they must satisfy.

Cybersecurity should always begin with zero trust, ensuring that only authorized access is permitted. After verification of identity is established, users can be classified according to the access they need to perform their jobs.

Least-privilege cybersecurity enables enforcement of a zero-trust security model whereby once a user is verified, the user’s access is limited to only what’s necessary to accomplish the specific task or job. If any user action desires or requires more access than granted via policy rules, permissions to elevate privileges are strictly controlled and monitored.

Clarifying Trust

Cybersecurity classifications of “trust” should be dynamic. This means you need to create policies or rules across the enterprise for identities, services, applications, data and systems. For example, you can have an “always verify” and “always monitor” policy for third-party vendors or contractor identities. Internal employee classifications would be adaptive based on the sensitivity of the data being accessed. An “always verify” policy would require credentials and multifactor authentication, while an “always monitor” policy would audit and record all activity.

These policies must be explicit in what they allow access to and to whom in order to maintain the least-privilege guideline.

Enforcing Least-Privilege Cybersecurity

Least-privilege enforcement has two aspects that must be ensured:

  • Privacy: When a user logs in, he or she can only see what she’s permitted to access.
  • Security: Based on specific privileged access, a user has limits on what applications/tasks he or she can run.

Least-privilege enforcement typically starts by removing local administrative privileges on endpoints, such as user laptops or mobile devices, so you can reduce your attack vulnerabilities and prevent most attacks from occurring. Least-privilege cybersecurity is effective at reducing major patch management headaches. Enforcing least-privilege security can help eliminate more than 90 percent of Microsoft Windows patches because most vulnerabilities require admin privileges to exploit them.

At Thycotic, we understand that by adopting a least-privilege cybersecurity approach and instituting necessary enforcement policies, organizations can significantly reduce their risk of being infiltrated through the attack vector used in four out of five security breaches.

Trust me. It’s well worth it.


Add Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

10 Things You Didn’t Know about Molson Coors Brewing CEO Mark Hunter
Three Great Companies Hiring Remote Workers in 2019
How Phil Ivey Achieved a Net Worth of $100 Million
U.S. China Trade War Hits U.S. Economy by $7.8B
If You Want to be a Better Investor Stop Staring at Your Portfolio
How to Spot and Avoid Predatory Lenders
Expert Says Emotions Play a Key Role in Becoming a Successful Investor in the Stock Market
What To Do if You’re Missing Key Tax Documents
Is Facebook Building a Machine that Can Read Minds?
Foundations of 5G Success: Evolving and Innovating Towards Wireless Transformation
Can Apple Compete in the Smart Home Industry?
What Does Apple’s Acquisition in Lighthouse Mean for the Company?
How to Successfully Navigate Your Way Through Chicago’s O’Hare Airport
Scrub Island: The Private Island You Can Actually Book With Points
Why Lake Charles, Louisiana is a Must Visit
10 Things You Need to Do While in Kauai
A Closer Look at the 2020 Porsche 911 Carrera 4S Cabriolet
A Closer Look at The 2020 Jaguar XE
A Closer Look at The 2019 BMW M850i xDrive Coupe
Hispano Suiza Carmen: A $1.6 Million Electric Throwback with 1,019 HP
A Closer Look at The Ulysse Nardin Freak NeXt
A Closer Look at The Omega Seamaster Exclusive Boutique New York Limited Edition
A Closer Look at the Chopard L.U. C XPS Twist Qualite Fleurier
A Closer Look at the Urban Jurgensen One Collection