Cyber security is an all-encompassing subject that gets thrown around with many generalizations within the IT marketing landscape. There is no specific blueprint to follow to when securing a company’s IT infrastructure, but there is a philosophy that should be acknowledged as a foundation. The philosophy is called “principles of least privilege,” one you may not be familiar with, but is paramount to keeping your environment secure. This won’t be a blog about how to set up a firewall, or what sexy new security software you should buy; this blog will explore how we can control who has keys to what within the network infrastructure.
The concept of the principle of least privilege state that a subject should be given only those privileges, or applications, needed to complete its task. Simply put, if an employee does not need access to something, why give it to them? Now that the majority of work is being conducted from remote offices, this philosophy is more important than ever. Yet somehow, this philosophy often gets overlooked in organizations, and there is not a fine-tuned strategy for how to implement these controls.
I am going to review some of the basic principles of POLP and detail the security benefits. I will provide a rundown of best practices and technology changes that should be considered when looking to improve your security posture. The main objective is that the we identify the best ways to facilitate the restriction of access so that employees only use what they specifically require to complete their duties.
Main Objectives for Principle of Least Privilege
Limit Liabilities:
Restricting an administrator’s rights to just a few privileged accounts instead of all of the end users will reduce the chance for high-risk errors. It also ensures the employee does not see/access things they should not.
Reduce Damages:
The goal is to narrow the scope of access from threats. If a user is compromised while employing PLOP, then any damages will be confined to a smaller, restricted area of the network. This will make it easier to detect and solve so the administrator can focus on other job duties.
Stop SQL Injections:
Applications and associated Databases are often targets for attacks, especially if there’s no privilege restrictions. This is because attackers could increase their own privilege to gain control over vulnerable systems. If POLP practices are followed, SQL injections could be stopped before they reached their potential.
Overall Improved Security Posture and Compliance:
Larger, compliant businesses are often targeted from within, as corrupted insiders can jeopardize systems and leak data. Implementing a system that controls access and limits exposure is an effective method to combat rogue employees.
Managing security within the walls of an office building is a challenge in itself, but moving everyone remote overnight makes you have to re-evaluate all operational practices. The impact of an “Act of God” event that keeps us all working remote has quickly changed the perception of people within the IT community requiring them to make rapid changes. Many businesses had to lift and shift the entire operation and run everything by leveraging VPNs on a wide scale. All of this remote VPN connectivity can introduce security concerns.
Below is a multi-step practice for managing security while working from home in the modern era
Least Privilege Endpoint Management:
This practice literally limits what unique users within the organization can access from their work (or home) machines. Administrators have full control of the availability of systems, data, and applications through a centralized management platform. This drastically reduces the visible environments from malicious attacks. By eliminating the availability to systems, we can cut down on malware, ransomware, and avoid potentially larger problems that spread throughout the network.
Eliminate RDP Access from Workstations:
Remote Desktop Protocol has been the main cause for many recent security breaches. By reducing RDP, we can eliminate the weak link in a network’s architecture. There are better ways to connect today (Cloud Gateways) that are significantly more secure.
Reduce VPN Usage:
Similar to RDP, VPN Access can enable weak links within a Network. It is reported that a majority of VPN users have access to sensitive/proprietary company data, which is exactly what hackers are looking for. For example, if a malicious entity can connect through a VPN, they can access the company’s entire network if there are no control limits. With a huge number of remote workers, this has become much more likely and something companies are facing much more often
Leveraging SSO and MFA:
Single Sign On (SSO) Tools can centralize identity management and end user authentication to allow access to specific applications and/or computing resources such as files and IT infrastructure. This is an IT Management practice that should be implemented across an organization, giving more control to the ones that hold the keys. Multi Factor Authentication (MFA) introduces an automated authentication token that validates the user’s credentials and identity. Mindcentric recommends running MFA on all applications.
Policy to Restrict Applications:
Helpdesks are receiving significantly more calls since people started working from home (help me with my Zoom meeting), and the goal is to reduce that workload. By putting restriction policies in place where admins can force their users to access only on the specific applications required to do their job and remove access to tools they don’t need. When policies like this are enforced, employees are safer, more efficient and IT Admins have more time to focus on the important aspects of their job.
How Mindcentric can help with privilege within an IT Operation:
Mindcentric has focused on building and managing complex businesses systems for 2 decades. We align our clients with best practices to ensure that they are secure and compliant. Running a secure operation is not about tools, but merging technology management with best practices. Applying the appropriate foundation from day one will help make your security/IT operation much more effective. Today, Mindcentric is 100% Cloud operated and we leverage several technologies into our practice so that we can protect our infrastructure and our Clients.
- No More VPNs into Infrastructure, replaced with jump hosts executed from virtual desktops.
- ITIL Compliant Help desk and Ticketing System with Defined Chang Management
- Deploying technology to deliver full virtualization and Management of Applications
- Running SSO and MFA on all desktops
- Working closely with leadership to dictate policies that align with your security requirements
Mindcentric is a San Diego-based Managed IT Service Provider and Cloud Hosting Partner that works with businesses that require complex IT operations. With over 2 decades of experience, we have the knowledge and tools to help guide your current IT roadmap, and partner together on future technology goals that are both practical and manageable. If you have questions on implementing Principle of Least Privilege, contact us to set up an initial consultation.
www.mindcentric.com (800) 327-1802