
Zero Standing Privilege and Your IGA Program

Zero Standing Privilege (ZSP) is a concept from Gartner, the analyst firm, and it is closely related to your IGA program. The concept addresses the constant raiding and misuse of administrative accounts. What is the ZSP approach to admin takeover? Remove the spoon (to misquote the famous Matrix line). That is, have no accounts, or as few as possible, that hold standing admin privileges. Instead, ZSP improves IT security by removing standing privileges and dynamically associating the privilege with a “standing account” only when that account needs the advanced privileges. But what is Zero Standing Privilege, and how does it relate to your IGA program?

As a company, you want your information as protected as possible. Securing information is easy. Take your information, put it behind locks, and throw away the key. It is definitely secure, but in reality, your business needs to function and that information is necessary for it to function. So, a simple problem is complicated by the need for access. Accessibility is the number one reason your system needs security in place.

Image #1: Zero Standing Privilege (ZSP) is the concept of providing dynamic privilege to accounts instead of static (standing) admin accounts.

Zero Standing Privilege and Your IGA Program

An even better way to secure the door is to add Zero Standing Privilege. Zero standing privilege improves IT security by removing standing privileges: accounts that have administrative rights permanently attached to them are eliminated. Keeping such administrative accounts leaves your security at risk in the unfortunate event that one of them is compromised. Put those accounts behind the door with access available, and any bad actor who gets through the door can reach that powerful account and wreak havoc. These accounts also need to be manually put away by administrators.

So, we eliminate the risk of lingering privileged accounts by implementing zero standing privilege. The goal is to make all privileged access obtainable only through a request. The request is then evaluated and the requesting user verified. If they meet the requirements to check out this privileged access, they receive it, but only for the specific duration designated for the function. When that period is over, they lose those permissions and the privileged account is automatically returned.

With zero standing privilege we can make the door accessible, but with a catch. The door only opens when you are looking to do something specific, you can only do that specific function once you enter, and you are kicked out when you are done or when you run out of time. On top of that, each time you request to go through the door you need to be approved. This keeps your privileged access managed and your business secure.

But what about IGA?

Imagine a door. Behind this door is all the information a group of employees needs to complete their tasks for the company. You could leave the door open, but that also leaves it open for a bad actor to abuse their access and harm the integrity of your system. So, keep the door closed, but then the employees cannot fulfill their tasks. Neither approach works. What you need is an IGA, or Identity Governance and Administration, component to your Identity and Access Management (IAM) program.

IGA makes sure that the access granted is at the correct level, and most importantly that it is not too much access. The guiding principle is known as the “principle of least privilege”, e.g. PR.AC-6 from NIST SP 800-53. Zero Standing Privilege expands on this concept of PR.AC-6 and creates a dynamic ability to grant these necessary heightened privileges. Just like static admin roles, these dynamic privileges and privilege grants need to be attested to, to ensure they meet best security and compliance practices.
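As an added example (not YouAttest's product or code), the request, approval, time-boxed grant and automatic return described in the ZSP section above, together with the audit record that the attestation point here needs; the broker, approver and user names, role and timestamps are all constructed for illustration:

```python
from collections import namedtuple
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
# A time-boxed privilege; no admin right exists anywhere at rest.
Grant = namedtuple("Grant", "user role justification approved_by expires_at")

@dataclass
class JitPrivilegeBroker:
    """Hypothetical zero-standing-privilege broker: rights exist only as
    requested, approved, time-boxed grants, and expiry revokes them."""
    approvers: set = field(default_factory=set)
    max_ttl: timedelta = timedelta(hours=1)
    grants: dict = field(default_factory=dict)     # (user, role) -> Grant
    audit_log: list = field(default_factory=list)  # record to attest against

    def request(self, user, role, justification, approver, ttl, now):
        """Evaluate an elevation request; return a Grant, or None if refused."""
        if approver not in self.approvers or approver == user:
            return self._log(now, "denied", user, role, "no independent approver")
        if not justification.strip():
            return self._log(now, "denied", user, role, "missing justification")
        grant = Grant(user, role, justification, approver, now + min(ttl, self.max_ttl))
        self.grants[(user, role)] = grant
        self._log(now, "granted", user, role, f"by {approver} until {grant.expires_at}")
        return grant

    def has_privilege(self, user, role, now):
        """Check at use time; an expired grant is returned without admin action."""
        grant = self.grants.get((user, role))
        if grant and now < grant.expires_at:
            return True
        if grant:
            del self.grants[(user, role)]
            self._log(now, "expired", user, role, "auto-returned")
        return False

    def _log(self, when, event, user, role, detail):  # returns None on purpose
        self.audit_log.append(dict(when=when.isoformat(), event=event,
                                   user=user, role=role, detail=detail))

def demo():  # walk one constructed request through its life cycle
    broker = JitPrivilegeBroker(approvers={"sec-lead"}, max_ttl=timedelta(minutes=30))
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    broker.request("alice", "domain-admin", "rotate keys", "alice", timedelta(minutes=10), t0)
    grant = broker.request("alice", "domain-admin", "rotate keys", "sec-lead", timedelta(hours=5), t0)
    checks = [grant.expires_at == t0 + timedelta(minutes=30),  # 5 h request capped to 30 min
              broker.has_privilege("alice", "domain-admin", t0 + timedelta(minutes=29)),
              broker.has_privilege("alice", "domain-admin", t0 + timedelta(minutes=30))]
    return checks, [e["event"] for e in broker.audit_log]
```

The audit log is what an attestation review would work from: every denial, grant and expiry is recorded with who approved it and for how long, so a reviewer can confirm that no privilege outlived its window.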

YouAttest is an automated identity audit tool for Okta, AD and other resources. Cloud-based and simple to use, YouAttest provides a quantified platform for your identity audits. Schedule an appointment with a YouAttest identity audit professional. Looking for more information about Zero Standing Privilege and your IGA program? Please feel free to schedule an appointment or write back to us.