Zero Standing Privileges (ZSP)


Zero Standing Privileges (ZSP) is a term coined by analysts, Gartner, to describe the target state for privileged access in an organization to minimize risk of stolen credentials, privilege abuse, breaches, data loss and non-compliance.

Traditional PAM creates standing privileges

Typically, any organization with network infrastucture or any critical data or assets, has personal privileged accounts in play - privileged accounts and privileges exist. Traditional PAM tools have relied on the creation of accounts and privileges.

As the need for privileged access provisioning has grown in complex environments, enterprises face challenges to achieve ZSP. Administrative and maintenance access that includes broad privileges, persistant shared accounts, superuser and root accounts, never-offboarded 3rd party privileges, and password-based access to systems and applications, all contribute the growth of standing privileges.

Organizations that need reduce their attack surface, mitigate the risk of data breaches and achieve compliance should make it a priority to eliminate standing privileges and move towards Zero Standing Privileges.

Gartner Zero Standing Privileges recommendations

Gartner's summary of their Remove Standing Privileges Through a Just-in-Time PAM Approach research states: "The existence of privileged access carries significant risk, and even with PAM tools in place, the residual risk of users with standing privileges remains high. Security and risk management leaders engaged in IAM must implement a zero standing privileges strategy through a just-in-time model." 

Zero Standing Privileges solutions

SSH.COM has developed a comprehensive set of just-in-time (JIT) Zero Trust solutions that support Gartner's approach for Zero Standing Privileges for user or machine ID authentication. This helps to mitigate the risk of managing digital keys, privileged passwords and other secrets (like API tokens or certificates) by greatly reducing their numbers in IT infrastructures. Learn more about the SSH.COM's Zero Trust and Just-in-time (JIT) solutions here.