IAM Standing Privileges

What are standing privileges?

Standing privileges is a term that describes broad user access privileges that are essentially “always on.” In other words, a user with standing privileges to critical IT resources always has those privileges, regardless of whether that user actually needs access to those resources at this time, or indeed ever.

Standing privileges run counter to the principle of least privileged access, which is one of the core philosophies of the Zero Trust framework. That principle argues that users should only have access to the exact resources they need to do their job at a given time, and no more than that.

The risks of standing privileges

Standing privileges create the risk of excessive access. If user credentials with standing privileges are compromised, a hacker could have unencumbered access to all of the IT resources those credentials can access, at all times. Organizations that are looking to reduce their attack surface and the risk of data breaches should make it a priority to eliminate the number of accounts that have standing privileges and to move toward a zero standing privilege framework.

Standing privileges solutions

A zero standing privilege approach favors discretionary access to sensitive IT resources using just-in-time (JIT) approaches to privileged access management (PAM). PAM solutions can help organizations define this discretionary access based on multiple factors, including:

  • Time

  • Job roles

  • Required applications

  • Required tasks