Extensive Access
Risk Category
Access control
Risk Description
Excessive access rights increase security risks. Learn how to assess, restrict, and manage NHI permissions to minimize attack surface.
Why It’s a Risk
Excessive access rights widen the attack surface, increasing the potential for a larger blast radius if the identity is compromised. Attackers could use over-provisioned access to escalate privileges, disrupt operations, or steal data.
Likelihood of Occurrence
moderate
Medium, particularly in rapidly growing or evolving environments where access management is not well-audited.
Impact Level
high
High, as over-provisioned access increases the potential damage and blast radius in case of compromise.
Mitigation Strategy
Regularly analyze and optimize access rights to ensure identities only have the permissions required for their tasks. Implement Zero Trust principles to validate each access request and minimize the impact of potential compromise.
Playbooks in Clutch
110
Applies for:
Cloud Service Provider
Vault
Source Manager
CI/CD
Password Manager
EDR
Data
Network
PaaS
Collaboration
Project Management
Log Analytics
IDP
CRM
MDM
IM
Ticketing
Automation
HRIS
SIEM
