Overprivileged Identity

Risk Category

Access control

Risk Description

Overprivileged identities create security risks. This page covers best practices for limiting non-human identity (NHI) access and enforcing the principle of least privilege.

Why It’s a Risk

Overprivileged identities pose a significant security threat because they can reach sensitive systems and data beyond their intended scope. If such an identity is compromised, the attacker inherits every excess permission and can use it for actions such as data exfiltration or lateral movement within the network.

Likelihood of Occurrence

HIGH

High, especially in large environments with frequent role changes and inadequate access reviews.

Impact Level

HIGH

High, as overprivileged identities can lead to significant system compromise if misused.

Mitigation Strategy

Continuously monitor and audit permissions, flagging identities whose granted permissions exceed what they actually use. Apply least privilege: limit each identity's access to the minimum required for its function. Enforce Zero Trust validation for every consumer and every action performed by these identities, so that an excess permission cannot be exercised silently and the window for privilege abuse stays small.
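One concrete form of the "monitor, audit and flag" step is to diff each identity's granted permissions against the permissions it has actually exercised in an access log. The script below is an added illustration, not Clutch's own code; the identities, permission names, log format and high-risk prefixes are all constructed assumptions.

```python
"""Flag overprivileged identities by diffing granted vs. observed permissions."""
from collections import defaultdict

# Constructed inventory of granted permissions per non-human identity (assumption).
GRANTED = {
    "ci-deployer": {"s3:GetObject", "s3:PutObject", "iam:CreateUser",
                    "iam:PassRole", "ec2:TerminateInstances"},
    "metrics-reader": {"cloudwatch:GetMetricData"},
}

# Constructed access log, one event per line: "<timestamp> identity=<name> action=<permission>".
ACCESS_LOG = """
2024-05-01T10:00:00Z identity=ci-deployer action=s3:PutObject
2024-05-01T10:00:05Z identity=ci-deployer action=s3:GetObject
2024-05-02T09:30:00Z identity=metrics-reader action=cloudwatch:GetMetricData
2024-05-02T09:31:00Z identity=metrics-reader action=cloudwatch:GetMetricData
"""

# Unused permissions with these prefixes are treated as high severity (assumed classification).
HIGH_RISK_PREFIXES = ("iam:", "ec2:Terminate")


def parse_usage(log_text):
    """Return {identity: set(permissions actually exercised)} from the log text."""
    used = defaultdict(set)
    for line in log_text.strip().splitlines():
        fields = dict(f.split("=", 1) for f in line.split()[1:])  # skip the timestamp
        used[fields["identity"]].add(fields["action"])
    return used


def find_overprivileged(granted, used):
    """Return findings for every identity holding permissions it never exercised."""
    findings = {}
    for identity, perms in granted.items():
        exercised = used.get(identity, set())
        unused = perms - exercised
        if not unused:
            continue  # permissions match observed behaviour: nothing to flag
        severity = "high" if any(p.startswith(HIGH_RISK_PREFIXES) for p in unused) else "low"
        findings[identity] = {
            "unused": sorted(unused),
            "severity": severity,
            "suggested_policy": sorted(exercised),  # least-privilege policy candidate
        }
    return findings


if __name__ == "__main__":
    for name, finding in find_overprivileged(GRANTED, parse_usage(ACCESS_LOG)).items():
        print(f"{name}: severity={finding['severity']} unused={finding['unused']}")
```

"Unused in the observation window" is not the same as "unnecessary": run the comparison over a window long enough to capture infrequent jobs before treating the suggested policy as the new baseline.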

Playbooks in Clutch

110

Applies for:

  • Cloud Service Provider: AWS, Azure, GCP
  • Vault: AWS Secrets Manager, GCP Secret Manager, HashiCorp Vault
  • Source Manager: Bitbucket, GitHub, GitLab
  • CI/CD: CircleCI, GitHub Actions, Jenkins, TeamCity
  • Password Manager: 1Password, LastPass
  • EDR: CrowdStrike, SentinelOne, Microsoft Defender
  • Data: AWS Redshift, MongoDB Atlas, MySQL, PostgreSQL, Snowflake
  • Network: Akamai, Cloudflare
  • PaaS: AKS, EKS, GKE, K8S
  • Collaboration: Atlassian Confluence, Notion
  • Project Management: Atlassian Jira
  • Log Analytics: Datadog, Elastic, Splunk
  • IDP: Google Workspace, JumpCloud, Microsoft Entra ID, Okta
  • CRM: HubSpot, Salesforce
  • MDM: Intune, Jamf
  • IM: Microsoft Teams, Snowflake
  • Ticketing: ServiceNow, Zendesk
  • Automation: Tines, Torq
  • HRIS: Bamboo HR, HiBob
  • SIEM: Exabeam (LogRhythm), Sumo Logic