The hungry caterpillar — an important lesson in privilege creep
Opinions expressed are solely my own and do not express the views or opinions of my employer
I’m sure you are all familiar with Eric Carle’s classic children’s book “The Very Hungry Caterpillar”. It’s an amazing story that teaches subtle lessons about nutrition, colour and quantities to children.
I absolutely love reading it to my son.The story is pretty simple — the said hungry caterpillar hatches on Sunday, proceeds to eat a variety of fruits in ever increasing quantities from Monday to Friday, overindulges on junk food on Saturday, spends Sunday regretting it and recovers by eating a nice green leaf on Sunday, and then nestles into a cocoon for two weeks and emerges a beautiful butterfly.
As I was reading it this weekend (yet again), I noticed some cute little similarities in the story to the lifecycle of a typical digital identity (both human — including customers, employees, third party contractors etc and machine identities — including service accounts, bot, API key etc) and some simple tips on avoiding privilege creep…
Not every day is the same
Some days you need fruit and some days you need junk food. The little caterpillar gets it.
Similarly, it is important to remember that the privileges needed from day to day may differ, and you should be prepared to add and delete privileges as needs change over time. A great example is the installation of a new system. The installation might require admin access to complete the installation, but that doesn’t mean that admin access is required for everyone to use the application.
Without any oversight, accumulation of privilege is inevitable
From the first apple, it is almost inevitable that the little caterpillar would continue eating in increasing amounts and as a result end up as a big fat caterpillar.
Now he wasn’t hungry anymore- and he wasn’t a little caterpillar any more. He was a big fat caterpillar.
In much the same way, it is almost inevitable that without the appropriate privilege or access management processes, digital identities within an organisation will end up accumulating more and more privileges. This accumulation is typically due to role changes, where privileges from previous roles are rarely revoked or additional privileges required to perform a specific task — not being removed when no longer needed. Other culprits may simply be the lack of approval or oversight requirements before being granted additional privileges.
Hopefully less common in modern organisations, is the practice of cloning profiles or copying privileges from someone else’s account. Just don’t do it!
Too much is likely to end in a stomach ache
It may take a little longer than a week, but the accumulation of privileges will most likely end up in a stomach ache for an organisation in much the same way as that little caterpillar.
That night he had stomach-ache!
The accumulation of excess privileges can be tempting and it is hard to predict how insiders may use those privileges inappropriately or fraudulently. It could be exponentially worse if a cyber criminal could gain access to an account with excess privileges — it may be the exactly right combination of privileges that results in a security breach.
More commonly, organisations will simply struggle to meet regulatory requirements to review access, because they simply have no idea what privileges are required to perform their role.
Before changing roles, you need to cleanse out the old
We’ve all been there — The day after a holiday eating-and-drinking binge, the guilt and the soothing repentance that we get from a fresh salad.
“The next day was Sunday again. The caterpillar ate through one nice green leaf, and after that he felt much better.”
The equivalent of a salad cleanse is the removal or restriction of privileges when a user changes roles or managers, is terminated, dies, moves departments, or even changes physical locations. The same should apply to machine identities when changes are made to machines.
The process of reviewing privileges, removing privileges no longer required and granting privileges that are actually needed is just the cleanse needed.
It can turn out alright in the end…
Then he nibbled a hole in the cocoon, pushed his way out ……… he was a beautiful butterfly!
Hopefully this little post reminded you of reading one of the great children’s books of all time and also provided some useful tips of avoiding privilege creep. Check in again soon for more blog posts focused on privilege management — particularly in the cloud.
