Zero standing privilege (ZSP) is an applied zero trust security strategy for privileged access management (PAM). The term zero standing privilege was coined by an analyst at Gartner. In practice, it implies no users should be pre-assigned with administrative account privileges.
Zero-trust security forbids authorization based on static predefined trust boundaries. ZSP applies the same concept to access controls and mandates that users' privileges only be assigned during the time of access and not by default. ZSP significantly reduces the risks of privilege abuse and privilege compromise.
Importance of zero standing privilege
According to the Verizon insider threat report 2019, 20% of cybersecurity incidents result from privilege misuse. And 57% of database breaches involved insider threats. It is known that credential compromises, privilege misuse, and insider threats pose significant risks to organizations.
Even when the principle of least privilege is followed, attackers can find a way to escalate privileges since by definition, at least some standing privilege has been assigned. Accounting for an average time of 287 days to identify a data breach, the opportunity window for attackers to misuse compromised privileged accounts or stolen credentials is huge. It buys them more time to explore ways to escalate privilege even when the least possible privileges are applied. Zero standing privilege makes it much more difficult for attackers to explore privilege escalation vulnerabilities since a core tenant of ZSP is that privileges should only be assigned during the time of access and revoked once the reason for access is addressed.
Zero standing privilege in a modern privileged access management solution
Zero standing privilege is an essential feature of a modern PAM solution. But there are also many other concepts related to privilege management that circle around in the PAM ecosystem, such as the principle of least privilege, just-in-time access, just enough access, etc. Let’s explore how zero standing privilege compares with the concepts mentioned above.
Zero standing privilege and principles of least privilege
The principle of least privilege states that users should only be allowed the minimum permissions to perform specific tasks. On the other hand, zero standing privilege suggests that even the least amount of privilege has a risk of getting compromised or misused by malicious insiders or external adversaries. As such, users should not be granted or pre-assigned with any privilege at all. Instead, each required privilege should be granted just at the time of access and be revoked once access is completed.
Zero standing privilege and just enough access
Just enough access is a synonym for applying the principle of least privilege to users with just the required privileges. So our comparison of zero-standing privilege and principles of least privilege applies here as well.
Zero standing access or zero standing privilege?
Although these terms are used interchangeably, zero standing access covers the whole access process (login, authorization, auditing, etc.), not just zero standing privilege. Conceptually, zero standing privilege only covers the privilege granting process. One example is that Microsoft prefers the term zero standing access to describe applying PAM in MS Office 365 solutions since it is more holistic.
Zero standing privilege and just-in-time access (JIT)
When zero standing privilege is implemented, users no longer have access to administrator rights or privileges to any resources. So how is the access granting process managed? Just-in-time access, also called JIT, is the process used precisely for this purpose. With JIT, users submit a request for access with required privileges to an administrator. Upon verification, administrators can either grant or deny requested privileges. Just-in-time access is also sometimes referred to as just-in-time privilege. "JIT access" usually refers to the entire user access process. In contrast, "JIT privilege" is mainly used to refer to the privilege granting process itself.
Zero standing privilege in practice
Below we list four recommended ways to apply ZSP in practice.
Implement RBAC: RBAC is an authorization model where users are mapped with roles and privileges at a granular level.
Remove standing privileges from all user accounts: This can be easily applied if authorization policies, such as RBAC, are implemented to manage user roles and privileges.
Implement a just-in-time access (JIT) access request workflow: A JIT access workflow will enable users to initiate access and privilege elevation requests with the desired period for the privilege. Upon review, administrators can either grant or deny requests. Modern JIT processes support ChatOps platforms which allow for seamless integration with users' workflow.
Grant short-lived access to privileges Short-lived or one-time credentials are key for a successful ZSP implementation. A long-lived privilege assignment in a ZSP implementation poses risks similar to not using ZSP at all because it increases the time window to compromise or escalate privileges.
Avoiding zero standing privilege pitfalls
As with any security system, proper implementation of a ZSP is an important factor for overall ZSP effectiveness. Below are two possible pitfalls which can affect the effectiveness of ZSP:
Not integrating with modern workflow: When ZSP is implemented, users must request privileges at the time of access (JIT access). This JIT process can create friction in a workflow with a high velocity of access requirements, such as automated access to a fleet of servers. This friction in the workflow may cost engineers time, affecting business processes. To avoid friction, ZSP implementation should be properly integrated with modern DevOps tools and workflows. For example, JIT process can be integrated with ChatOps platforms, integrating JIT process within developers tools including SSH terminal, database client, IDE, etc.
Using passwords and API tokens: Unless passwords and API tokens are rotated every time a JIT access is granted, these static credentials can negate the whole purpose of ZSP implementation. Static credentials are long-lived by nature, and if they are compromised, attackers can have unconditional access for a long period of time. So, for an effective ZSP implementation, avoid using static credentials at all, and instead, use short-lived certificates.
Despite following the principle of least privilege and assigning users only the privileges needed to do their jobs, malicious users can still find a way to misuse or escalate privileges. While traditional PAM solutions used to promote just enough privilege, modern PAM solutions prioritize zero standing privileges. ZSP is undoubtedly a secure way to manage administrative access and systematically grant and revoke administrator privilege and administrative credentials.
Implement zero standing privilege and just-in-time access to infrastructure resources using Teleport
Teleport delivers essential PAM capabilities such as zero standing privileges, just-in-time (JIT) access, and activity logging so that you can protect your critical infrastructure. With Teleport, you can easily enforce MFA, RBAC, and SSO using identity-based, short-lived certificates. Learn more about Teleport's PAM capabilities or try Teleport Cloud for free — https://goteleport.com/signup/.
Passkeys for Infrastructure
By Ben Arent
SFTP: a More Secure Successor to SCP
By Andrew LeFevre
SELinux, Dragons and Other Scary Things
By Jakub Nyckowski