Nailing the Security Audit with RRCU
glossary

What Is Break-Glass Access?

Share

/images/Glossary-image-green.jpg

Break-glass access or emergency access is a mechanism for allowing designated users to elevate their access rights by bypassing normal access controls. This is typically done in the event of an emergency where standard operating procedures cannot be followed, and immediate access is required to address a crisis or mitigate these emergency situations. In these scenarios, a user needs elevated permissions immediately such that waiting for typical operating procedures would have a materially negative impact on the business (e.g., aiding in incident response).

The “break-glass” analogy refers to the idea of breaking a glass cover to access an emergency lever or fire alarm. Similarly, in cybersecurity, this functionality is designed to be used only in exceptional circumstances, with appropriate safeguards and monitoring in place to ensure accountability and prevent abuse.

 

Methods for implementing break-glass access

Break-glass access generally comes in two flavors:

  • Using separate privileged accounts that have escalated permissions
  • The escalation of permissions directly on the requesting account

In either flavor, organizations must determine in advance which users are eligible to request this access and under what circumstances these requests are allowed.

Separate break-glass accounts

Break-glass accounts are largely considered a legacy approach to gaining access due to security implications. Break-glass accounts generally bypass best-practice security measures such as multi-factor authentication (MFA) and zero trust or conditional access policies. To prevent cyberattacks, it’s important to ensure that these accounts are not connected to any additional systems other than the one they’re meant to provide emergency access for. If this approach is used, having one break-glass account for each system is a general best practice. To maintain reasonable security controls, break-glass accounts must be strictly monitored to prevent misuse or account compromise.

Just-in-time permission escalation

An alternative approach to break-glass accounts is to escalate permissions on existing accounts. If possible, this approach is preferable for most systems as it allows for leveraging the existing user account and does not bypass typical security controls such as MFA and conditional access. Just-in-time emergency access simply allows end users to escalate permissions by bypassing typical approvals workflows.

 

Benefits of break-glass access

Break-glass access offers several key benefits for organizations looking to enhance incident response capabilities:

  • Increased flexibility and responsiveness: By providing a controlled mechanism for temporary privilege escalation, break-glass access enables organizations to quickly respond to unexpected events, emergencies, or cyberattacks without being hindered by rigid restrictions attached to the approval process.
  • Improved security and compliance: Break-glass access is typically accompanied by robust logging, monitoring, and approval workflows, ensuring that all elevated access activities are tracked and audited. This helps organizations maintain security and regulatory compliance even in times of crisis.
  • Reduced risk of downtime: In the event of a network outage, data breach, or other case of an emergency, the break-glass procedure can allow authorized personnel to quickly intervene and take necessary actions to restore normal operations and mitigate the impact.
  • Enhanced trust and visibility: The transparency and control provided by break-glass access can foster greater trust between employees, IT teams, and management, as everyone can be confident that elevated privileges are being used responsibly and in accordance with established policies.

 

Use cases for break-glass access

Break-glass access can be valuable in a variety of scenarios where immediate action is required to address a pressing issue or mitigate a significant risk. Some common break-glass scenarios include:

  • Incident response and disaster recovery: During a security incident, such as a cyberattack or malware outbreak, break-glass access can allow incident response teams to quickly investigate, contain, and remediate the problem, even if it requires emergency access accounts.
  • System outages and maintenance: If a critical system experiences an unexpected failure or requires emergency maintenance, break-glass access can enable authorized personnel to access the necessary resources in real time and restore normal operations.
  • Privileged actions: These are considered a component of traditional privileged access management (PAM) use cases, wherein the break-glass access allows an IT or security administrator to temporarily escalate permissions to perform a privileged action such as revoking user access or creating an account.
  • Business continuity: During a natural disaster, political unrest, or other disruptive events, break-glass access can enable key personnel to continue critical business operations through conditional access, even if normal access channels are unavailable or restricted.

 

Break-glass access in identity and access management (IAM)

Break-glass access is a crucial component of a comprehensive IAM strategy. By integrating break-glass access into an organization’s IAM workflows, security teams can gain a quicker speed of responsiveness during a case of emergency without losing control and visibility into the use of elevated privileges, ensuring that this emergency access is only used when necessary and in accordance with established policies.

Key ways break-glass access can enhance companies’ identity security posture include:

  • Improving least privilege access: By providing a controlled mechanism for temporary privilege escalation, including support for break-glass access, allows organizations to implement a strict least privilege access model, limiting the default permissions of users while still enabling them to perform critical tasks when needed.
  • Effective incident response: During a security incident or other critical event, break-glass access can enable incident response teams to quickly and effectively mitigate the issue, reducing the overall impact and downtime of critical operations.
  • Ensure controls are followed: By having a break-glass process, organizations can ensure that users adhere to a documented, auditable process for escalation permissions in an emergency situation.

 

Summary

Break-glass access is a powerful mechanism that can help organizations enhance their security, compliance, and responsiveness in the face of unexpected events or emergencies. By providing a controlled and audited mechanism for temporary privilege escalation, break-glass access can enable authorized personnel to take immediate action to address critical issues, while still maintaining the overall integrity of the organization’s identity security posture.

 

/images/newletter-post.png

Stay in touch

The best way to keep up with identity security tips, guides, and industry best practices.

Explore more posts

/images/Glossary-image-purple.jpg

What Is Light IGA?

/images/glossary-thumbnail.png

What Is Privileged Access Management (PAM)?

/images/glossary-thumbnail.png

What Is Zero Trust?