Improve security with the principle of least privilege
Authored by Ana Hilstad, Senior Product Marketing Manager
The principle
The principle (and practice) of least privilege requires that users should be granted access only to the data and operations of applications that are absolutely needed to perform their jobs. Furthermore, users should only have the minimal amount of access, for only the amount of time required to execute their tasks. This concept is designed to minimize the attack surface of an application and reduce the impact should a security breach occur.
There are numerous methods that organizations use to control access in the name of least privilege. Here are just a few:
- Build an access model – Build and continue to optimize identities using an access model that establishes and maintains least privilege
- Remove unnecessary access – Investigate anomalous access and remove it as necessary
- Reduce access – Use certification campaigns to review and adjust access as needed to the appropriate entitlement level
- Audit for access creep – Conduct audits to review existing accounts to ensure there’s no access sprawl
- Separation of duties – Implement separation of privileges by having various levels of access from higher to lower, depending on job functions
The challenge
If done correctly, these methods require that organizations know how their workers are using the access they have. It is a common challenge for organizations to not have a way of tracking who is or, more importantly, who is not using their access. Working with manual IGA processes in multiple disparate systems makes it virtually impossible to know who is logging into what application, how they are using that application, and what entitlement is allowing them to do their work. This essential piece of information is crucial not only for identity admins but also for managers tasked with granting access and managing certification campaigns.
Welcome, user Activity Insights!
SailPoint is delivering crucial activity information in our identity security cloud solution for identity teams and other stakeholders responsible for managing access to SaaS applications. SailPoint’s Activity Insights provides information about usage patterns and activity trends for entitlements and applications. When identity administrators or business managers certify or approve access, they can now see how often an identity uses their access compared to their peers to determine whether maintaining access is appropriate. If an identity has not accessed a particular application for a length of time, the certifying manager may determine that the identity no longer needs access to that application and can confidently choose to revoke it. This is one of the most effective ways to maintain appropriate, least privileged access.
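The usage-versus-peers check described above can be sketched in a few lines. This is an added example, not SailPoint code or its API: the identities, entitlement names, 90-day idle window and 50% peer threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (assumption, not from any real system).
TODAY = date(2024, 6, 30)
GRANTS = {  # identity -> (peer group, entitlements held)
    "alice": ("finance", {"erp:post_journal", "erp:approve_payment"}),
    "bob":   ("finance", {"erp:post_journal", "erp:approve_payment"}),
    "carol": ("finance", {"erp:post_journal", "erp:approve_payment"}),
    "dave":  ("finance", {"erp:post_journal", "crm:export_contacts"}),
}
ACTIVITY = [  # (identity, entitlement, day it was exercised)
    ("alice", "erp:post_journal", date(2024, 6, 27)),
    ("alice", "erp:approve_payment", date(2024, 6, 20)),
    ("bob", "erp:post_journal", date(2024, 6, 25)),
    ("bob", "erp:approve_payment", date(2024, 1, 10)),
    ("carol", "erp:post_journal", date(2024, 6, 28)),
    ("carol", "erp:approve_payment", date(2024, 6, 18)),
    ("dave", "erp:post_journal", date(2024, 6, 26)),
]

def review(grants, activity, today, idle_days=90, peer_threshold=0.5):
    """Return (identity, entitlement, days_idle, peer_rate, hint) rows."""
    last_used = {}
    for who, ent, day in activity:
        last_used[(who, ent)] = max(day, last_used.get((who, ent), day))

    def active(who, ent):
        day = last_used.get((who, ent))
        return day is not None and (today - day).days <= idle_days

    holders = defaultdict(list)  # (peer group, entitlement) -> identities
    for who, (group, ents) in grants.items():
        for ent in ents:
            holders[(group, ent)].append(who)
    rows = []
    for (group, ent), members in sorted(holders.items()):
        # Share of the group's holders (the identity included) active in the window.
        peer_rate = sum(active(m, ent) for m in members) / len(members)
        for who in sorted(members):
            day = last_used.get((who, ent))
            idle = None if day is None else (today - day).days  # None = never used
            if active(who, ent):
                hint = "keep"
            elif peer_rate >= peer_threshold:
                hint = "revoke"       # peers use it, this identity does not
            else:
                hint = "review-role"  # unused across the group: role over-grants
            rows.append((who, ent, idle, round(peer_rate, 2), hint))
    return rows
```

The "review-role" hint separates an individual's stale grant from an entitlement that the whole peer group leaves idle, which points at the access model rather than the person.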
Without activity data, taking access away is highly unlikely as managers risk data and productivity loss. When these activity data points are used along with artificial intelligence and machine learning, the result is actionable insights useful for making decisions within certification campaigns, role modeling, and management of anomalous access in the form of identity outliers.
In lieu of exhaustive research and interviews to obtain user activity information, identity program stakeholders can access this information in a central location within SailPoint’s identity security cloud solution. Future enhancements will use Activity Insights as part of AI and ML analysis and can be directly integrated into access and role recommendations, risk scoring, and identity outliers contextual insights for routine identity maintenance tasks. Incorporating this data element into every aspect of an identity program ensures that roles are built with the least privilege from the start, provides indications of risky access, and is an informative piece of data to help organizations demonstrate compliance.
The benefits of maintaining least privilege access using Activity Insights
Reduces the attack surface
Limiting privileges to only what is absolutely needed reduces the overall attack surface of your organization, minimizing the various paths bad actors could use to threaten your sensitive data. By limiting internal access, you make it easier to prevent, identify, and protect against dangerous activity. Activity Insights provides the contextual information identity stakeholders need to confidently remove unused access and limit risky exposure.
Increases worker productivity
The principle of least privilege, when properly implemented, improves workforce productivity by providing the right access only at the time it’s needed. Because Activity Insights provides usage information and peer comparisons of access use, it ensures that only unused or blatantly unnecessary access is removed.
Facilitates audit preparedness
In addition to fulfilling a common compliance requirement, Activity Insights helps organizations prepare to pass an audit by providing an auditable trail of activity information. Compliance managers and internal auditors will benefit from understanding the analysis used during the decision process, which can be used to demonstrate compliance.
Defends against human error
Activity Insights takes the guesswork out of managing identities. Whether through mistake or negligence, human users can cause great damage to an organization when identity stakeholders are operating without information. By providing an extra layer of real-time data, Activity Insights complements the least privilege access controls model, reducing risk while maintaining high productivity.
You can learn more about SailPoint’s Activity Insights in our video.