
Details
Excessive permissions occur when non-human identities (service accounts, API keys, workload and machine identities) are granted more access than their tasks require. This violates the principle of least privilege: the blast radius of a compromise is no longer the job the identity performs but everything the identity is allowed to reach.
Example Scenario
GlobalCorp uses a third-party data analytics service to process customer data. The IT team, pressed for time, grants the service account full administrative access to GlobalCorp's cloud environment instead of scoping its permissions to the storage and key-management operations the analytics job actually performs. Months later, the analytics provider suffers a breach. Because the stolen credential carries administrative rights, a compromise at the provider becomes a compromise of GlobalCorp: the attackers gain unfettered access to the entire cloud infrastructure, exfiltrate terabytes of sensitive data, manipulate critical systems, and deploy ransomware across the network. The incident costs GlobalCorp millions in damages and results in a class-action lawsuit from affected customers.
Mitigation Strategies
- Implement the principle of least privilege for all non-human identities
- Regularly review and audit permissions
- Use role-based access control (RBAC) to manage permissions
Best Practices
- Start with zero permissions and add only what's necessary
- Use automated tools to compare granted permissions against observed usage and report the difference
- Implement just-in-time access for elevated permissions
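The mitigation and best-practice items above reduce to one loop: grant nothing, observe what the identity actually does, grant exactly that, and re-check. The script below, an added example and not code from the original page, runs that loop offline against a constructed "*" policy of the kind GlobalCorp attached and a handful of constructed CloudTrail-style audit events: it flags the administrative grant, lists the granted-but-unused actions from a small constructed action inventory, generates a scoped replacement policy, and verifies that the replacement still covers everything the job was observed doing. The policy shape, event fields, bucket and key names, account number and the KNOWN_ACTIONS list are all assumptions made for the example.

```python
"""Right-size a non-human identity's cloud policy from observed usage.

Added example, not code from the original page. It compares what a service account
is granted (a constructed AWS-IAM-style policy) with what it actually used
(constructed CloudTrail-style events) and emits a least-privilege replacement."""
import fnmatch
import json

# Constructed: the "full administrative access" grant from the scenario.
GRANTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed audit events for the analytics service account over the review
# window. Real CloudTrail records carry many more fields; only these are used.
AUDIT_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBucket",
     "resource": "arn:aws:s3:::globalcorp-analytics-input"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "resource": "arn:aws:s3:::globalcorp-analytics-input/2024/05/01.parquet"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "resource": "arn:aws:s3:::globalcorp-analytics-input/2024/05/02.parquet"},
    {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
     "resource": "arn:aws:kms:us-east-1:123456789012:key/analytics-data-key"},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "resource": "arn:aws:s3:::globalcorp-analytics-output/report.csv"},
]

# Constructed, deliberately small inventory of actions the "*" grant covers;
# a real review would use the provider's complete action list.
KNOWN_ACTIONS = [
    "s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteBucket",
    "kms:Decrypt", "iam:CreateUser", "iam:AttachUserPolicy",
    "ec2:RunInstances", "ec2:TerminateInstances",
]

def _as_list(value):
    """IAM lets Action/Resource be a string or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]

def _matches(name, patterns):
    """Wildcard match ('*', '?'), case-insensitive like IAM action names."""
    return any(fnmatch.fnmatchcase(name.lower(), p.lower()) for p in patterns)

def allow_statements(policy):
    return [s for s in policy["Statement"] if s.get("Effect") == "Allow"]

def is_admin_grant(policy):
    """True when one Allow statement grants every action on every resource."""
    return any("*" in _as_list(s["Action"]) and "*" in _as_list(s["Resource"])
               for s in allow_statements(policy))

def generalize_resource(arn):
    """Collapse S3 object ARNs to bucket/* so tomorrow's objects are still covered."""
    if arn.startswith("arn:aws:s3:::") and "/" in arn:
        return arn.split("/", 1)[0] + "/*"
    return arn

def event_action(ev):
    """'s3.amazonaws.com' + 'GetObject' -> 's3:GetObject'."""
    return f"{ev['eventSource'].split('.', 1)[0]}:{ev['eventName']}"

def used_actions(events):
    """Map each action in the trail to the generalized resources it touched."""
    used = {}
    for ev in events:
        used.setdefault(event_action(ev), set()).add(generalize_resource(ev["resource"]))
    return used

def unused_permissions(policy, events, known_actions=KNOWN_ACTIONS):
    """Actions the policy grants that the identity never exercised: the excess."""
    stmts, used = allow_statements(policy), used_actions(events)
    return sorted(a for a in known_actions
                  if a not in used and any(_matches(a, _as_list(s["Action"])) for s in stmts))

def least_privilege_policy(events):
    """One Allow statement per used action, scoped to the resources it touched."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": action, "Resource": sorted(res)}
                          for action, res in sorted(used_actions(events).items())]}

def covers_observed_usage(policy, events):
    """Regression check before swapping policies: every action/resource pair
    actually seen in the trail must still be allowed by some statement."""
    stmts = allow_statements(policy)
    return all(any(_matches(event_action(ev), _as_list(s["Action"]))
                   and _matches(ev["resource"], _as_list(s["Resource"])) for s in stmts)
               for ev in events)

if __name__ == "__main__":
    print("admin grant:", is_admin_grant(GRANTED_POLICY))
    print("unused:", unused_permissions(GRANTED_POLICY, AUDIT_EVENTS))
    scoped = least_privilege_policy(AUDIT_EVENTS)
    print(json.dumps(scoped, indent=2))
    print("scoped policy covers observed usage:", covers_observed_usage(scoped, AUDIT_EVENTS))
```

Two caveats a practitioner would add before trusting such a report: the observation window must cover the identity's full job cycle (a monthly reporting run looks unused in a two-week window), and resource generalization is a judgement call; here only S3 object keys are collapsed to a bucket-wide pattern so the scoped policy does not break on the next day's partition, while the KMS key and bucket names are kept exact.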
Related Risks
- Improper Offboarding: inadequate deactivation or removal of non-human identities when no longer needed.
- Secret Leakage: unintended exposure of sensitive non-human identity credentials to unauthorized parties.
- Inadequate Rotation: failure to regularly update or rotate credentials for non-human identities.
- Insecure Communication: non-human identities communicate over insecure channels or without proper encryption.