As we are moving into the evolution of cloud at an exponential speed, solid perimeters tend to disappear. Add multi-cloud to the mix and these perimeters are essentially non-eistent. In this scenario, finding a way in which secrets can flow in a fluid manner from one cloud to another, without hindering your network and giving only as much information as is required for it to function can be quite a complex process. This is why security professionals consider the principle of least privilege crucial and rate it highly. In this article we understand what the principle of least privilege is all about and explore how it relates to secrets.
The principle of least privilege
The principle of least privilege (PoLP) is an information security concept of giving any user or program the bare minimum privileges required to perform its function. Excess privilege increases the surface of attack and insufficient privilege can lead to denial of service. PoLP is highly regarded as a fundamental step necessary to protect privileged access to high-value data and resources. It helps streamline compliance and audits by enabling enterprises display compliance with the complete audit trail of privileged activities. PoLP helps strike a balance between the implementation of security protection and usability.
Secrets management and PoLP
A secret is a piece of information that can be used for authentication and authorization within microservices, applications, SSH keys, private keys, etc. Secret zero is the first secret and it’s important to know how it is being initiated from the source to the target. The longer a secret is in play, the greater the risk of it being compromised.
Secrets management is ensuring the lifecycle of your secrets in a controlled manner. In order to be able to manage this lifecycle, you need to understand which applications or elements of the system are consuming your secrets, how are they being stored and how are they being rotated.
Preventing humans from seeing the secret is another significant element of secrets management because once a human sees a secret, it no longer remains a secret.
Policies require you to know what your landscape looks like – which applications are speaking to each other, how secrets are being acquired, and more. This brings us to the principle of least privilege. You need to enforce the principles of least privilege to ensure that secrets are being accessed only by programs that have the required privileges.
Why do we need secrets management?
- To avoid secrets sprawl: A secret sprawl occurs when you store secrets in lots of different places and secrets get spread across a multitude of locations. With secrets management, you can make sure that secrets are contained and have an idea of who is using them and how.
- To act as a centralized solution: It can act as a centralized solution that allows you to bring all of the secrets together.
- To eliminate hardcoding secrets: Including secrets in code is incredibly risky as anyone with access to a project can view secrets that have been hard coded. We need secrets management to get them out.
- To avoid storing secrets in a public place: Committing secrets to a public repo like GitHub means that everyone can access them and they are no longer secrets. Effective secrets management will allow you to use environment variables and other secret managers to help secure them.
- To limit human interaction: The longer a secret is in play, the greater the number of people that have seen it. If there is any kind of human interference, the secret is no longer a secret as humans are horrible at keeping secrets. Therefore, we need effective secrets management in order to decrease the number of people that have seen and used the secret.
How to create a great secrets management program?
1. Know your requirements
- Naming conventions: You need to have an idea of what your naming conventions are. Are you using name spacing or are you just relying on paths? Knowing your naming conventions will help you determine how your services will speak to each other.
- Secrets consumption: You need to know which secrets can be consumed by each application because if you give all applications the access to all secrets, you are only increasing your attack surface.
- Residing secrets: Secrets can either reside directly in an application or they can be called on run time when you start scaling up. You need to know where your secrets are residing and where you want them to reside.
- Compliance frameworks: Different compliance frameworks drive your organization in different ways and you need to know the requirements of which one suits you better.
2. Create policies
- Principle of least privilege: Make sure you create all your policies with the principle of least privilege where you only allow enough information necessary by a subject to perform their function.
- Be explicit: Identify which path the policies need to be on and give the path the required permissions.
Testing is a significant part of an effective secrets management program. You need to test using different methods like chaos engineering, penetration testing, etc., and see if you can retrieve a secret and if you can automate the retrieval of that secret.
Secrets management is not as straightforward as easy as it appears to be. You could have the best secrets management tools and implement them well but as long as you have not implemented the right policies and the right ways of retrieval, your tools are not going to be doing you any great favors. One of the fundamental policies to implement is the principle of least privilege as it is definitely a security best practice.
If you have questions related to this topic, feel free to book a meeting with one of our solutions experts, mail to email@example.com.