We’ve all seen the data from the latest Verizon Data Breach Incident Report that shows half of security breaches stem from credential abuse. It’s clear that credential compromise is an epidemic in cybersecurity and can be largely avoided with multifactor authentication and least-privilege policies. Misused credentials have shot up by almost 30% over the last five years, according to Verizon. Engineers and developers are not immune to this plague; they may be even more attractive to attackers because admin privileges allow access that reaches far beyond that of the everyday user. In fact, they are often granted always-on access when, in reality, they only need brief, intermittent access to get their job done. According to Gartner, privileged access carries significant risk. Even with PAM tools in place, the residual risk posed by users with standing privileges remains high. They recommend identity and access management (IAM) leaders implement just-in-time (JIT) strategies and, eventually, reach a posture of zero standing privileges.
Giving engineers right-sized permissions with only the privileges they need to carry out specific tasks is especially important when these credentials are used to stand up or make changes to production resources.
Just in Time for Developers
JIT inventory management has been standard in many industries for decades, especially in manufacturing, where factories can’t afford to have supplies sitting unused in the warehouse, assembly lines lying idle or production at a standstill while waiting for parts. In information security, JIT management grants users privileged access for only the amount of time needed to complete a task. This helps minimize the attack surface and avoid the risk caused by long-standing unrevoked privileges.
In today’s agile environments, development engineers need to move and fix things fast. For example, cloud infrastructure environments are usually set up and maintained by DevOps and development teams via continuous integration/continuous delivery (CI/CD) pipelines. But developers sometimes also need direct, highly privileged access to production environments for more specific tasks.
While static privileges that allow developers to perform day-to-day tasks are typically provided through the network’s IAM system, organizations often lack the ability to grant and revoke privileges dynamically for cloud environments. That’s because traditional on-premises privileged access management (PAM) and identity governance and administration (IGA) solutions don’t support cloud-native—and increasingly multi-cloud—infrastructures.
Developers will always need quick, highly privileged access to sensitive cloud environments for activities such as debugging or manual deployment of a service. But those wide-ranging entitlements don’t need to be permanent and can introduce a significant risk if they’re not revoked once the job is done.
This has left organizations resorting to risky, overprivileged practices. Inactive accounts are the source of many cybersecurity headaches. In fact, that is how cybercriminals breached the network of Colonial Pipeline in last year’s ransomware attack that shut off gas supplies. Overprivileged accounts are another big headache and were a big factor in the now-famous SolarWinds attack.
JIT Access
This is where JIT access comes into play: it can enforce highly granular entitlement management for privileged access in the cloud. Gartner has become an advocate of JIT since it enables a number of security best practices. They recently advised security leaders to implement “a process for quick and easy requesting and granting of additional privileges with minimal disruption to an individual’s workflow.”
One of the biggest challenges to implementing JIT privilege management is provisioning. Security staff is overtaxed, especially as the adoption of multi-cloud environments keeps adding complexity to their work. Provisioning individual, temporary permissions for each task becomes onerous when there is so much more to oversee.
JIT privilege management for the cloud has to meet developers’ need for speed, self-sufficiency and transparency. One approach is to use a self-service portal that accepts requests for elevated privileges, manages the approval process, grants authorized permissions and automatically revokes them when they expire.
A JIT Framework for Developer Security
This framework provides security and productivity benefits.
First, it minimizes the cloud attack surface by enforcing temporary and granular least-privilege policies. This prevents attackers that have compromised a user’s credentials from using excessive permissions to access sensitive resources and exfiltrate data.
Second, it saves engineering teams time and effort by enabling them to quickly submit a request, notify approvers and gain temporary access. This automated workflow eliminates delays and allows DevOps staff to get their work done more rapidly and securely.
Finally, monitoring user activity during elevated privilege sessions makes it possible to generate reports for all JIT access requests and authorizations to enforce security policies. It also creates an audit trail for forensic analysis in a security incident.
When implementing a JIT framework for cloud privilege management, consider the following best practices:
Look for tools that offer developers a seamless experience through a self-service portal. This saves everyone time by automating the submission, processing, approval and logging of access requests.
Define owners for each step of JIT approvals, including who manages eligibility, who approves the scope of access and who reviews requests.
For low-risk access requests or those involving non-production environments, use policies that eliminate the need for human intervention. The system should be able to log requests, assess the stated reason for the escalated privileges and the timeframe and respond rapidly.
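The request, approve, grant and auto-revoke workflow described above, with policy-based approval for low-risk requests, can be sketched as follows. This is an added example, not code from the article or from any product; the class and field names, the duration limits, the reason-length check and the rule that an approver must differ from the requester are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy limits and names; none of these come from the article.
AUTO_MAX = timedelta(hours=2)    # longest grant issued without a human
HARD_MAX = timedelta(hours=8)    # longest grant issued at all
MIN_REASON_LEN = 15              # crude check that a reason was actually given

@dataclass
class Request:
    user: str
    role: str
    env: str            # "dev", "staging" or "prod"
    reason: str
    duration: timedelta

class JitBroker:
    def __init__(self):
        self.grants = []   # (user, role, env, expires_at)
        self.audit = []    # (timestamp, event, user, role, env, detail)

    def decide(self, req):
        if len(req.reason.strip()) < MIN_REASON_LEN:
            return "deny:no-reason"
        if not timedelta(0) < req.duration <= HARD_MAX:
            return "deny:duration"
        if req.env != "prod" and req.duration <= AUTO_MAX:
            return "auto-approve"
        return "needs-approval"

    def submit(self, req, now: datetime, approver=None):
        decision = self.decide(req)
        # A human approver must be someone other than the requester.
        if decision == "needs-approval" and approver and approver != req.user:
            decision = "approved-by:" + approver
        self.audit.append((now, decision, req.user, req.role, req.env, req.reason))
        if decision == "auto-approve" or decision.startswith("approved-by:"):
            self.grants.append((req.user, req.role, req.env, now + req.duration))
        return decision

    def has_access(self, user, role, env, now: datetime):
        # Expiry is checked on every use, so a late revocation sweep cannot extend access.
        return any(g[:3] == (user, role, env) and now < g[3] for g in self.grants)

    def revoke_expired(self, now: datetime):
        expired = [g for g in self.grants if g[3] <= now]
        self.grants = [g for g in self.grants if g[3] > now]
        for user, role, env, _ in expired:
            self.audit.append((now, "revoked", user, role, env, "expired"))
        return len(expired)
```

Every decision, including denials, lands in `audit`, which is the record the reporting and forensic steps rely on.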
Reducing the Attack Surface With JIT
Giving DevOps staff unfettered access to sensitive resources, especially in production environments, for extended periods of time violates basic security hygiene. JIT privilege management enables organizations to keep engineering activities on track and on time without incurring excessive risk. Because it reduces the attack surface associated with DevOps identities, a hacker who compromises a user’s credentials will not have the keys to the proverbial kingdom. This will limit the blast radius of an attack.
The challenge companies face is extending traditional privilege management capabilities to cloud environments. Fortunately, new cloud-native advances in IAM and PAM functionality are making it possible to close this missing link in cloud security.