Privileged access credentials are a necessary evil in many organizations. Ideally, privileged credentials are given to the right people, with the right levels of privileged access, are not misused, and are not shared with others who are not supposed to have them. For example, IT administrators may possess certain privileged credentials, executives may possess other privileged credentials, and regular users may possess limited or no privileged credentials. In reality, however, the wrong privileged credentials (e.g., unnecessarily strong credentials) can be given to these people, credentials may be misused, and credentials may be vulnerable to proliferation to other users or machines. When privileged credentials fall into the hands of an attacker, they allow the attacker to take control of an organization's IT infrastructure, disable security controls, steal confidential information, commit financial fraud, and otherwise disrupt operations. Stolen, abused, or misused privileged credentials are involved in a large proportion of network security breaches.
One existing approach for providing privileged credentials in computer networks is to use semi-permanent, hard-coded credentials in applications. Examples of such credentials include passwords, SSH keys, asymmetric (e.g., public/private) keys, symmetric keys, and other types of cryptographic data or privileged security or access tokens. In some situations, these credentials are included within an application or on a machine for use in communicating with other network resources. Because these credentials are accessible in applications or on machines, however, they are vulnerable to theft by malicious entities. If an attacker obtains access to an application or machine with such credentials, the attacker may use the credentials to access other network resources, potentially expanding their freedom of movement throughout the network and compromising more of the network.
A further approach to manage access to privileged credentials is to use a secure vault, which contains privileged credentials and is not accessible to users. In this approach, a user who wants to access a target network resource must authenticate itself to the vault, which in turn supplies the needed privileged credentials to the target network resource without exposing the user to the privileged credentials. This technique thus relies on the use of privileged credentials and privileged accounts, but limits their exposure and visibility to the vault and target network resource, not to the user itself.
It would be advantageous, however, for a technological solution to allow regular, non-privileged accounts to access privileged resources without having to rely on privileged accounts or credentials. For example, it would be advantageous to elevate the privileged access rights for a user (e.g., inclusion in privileged membership lists, modification of an access token, or privileged remote access) on an on-demand and as-needed basis, so that the user has the necessary access rights only for as long as they are needed, and the access rights are thereafter withdrawn. Such techniques would also be advantageous if a user obtains temporary access rights to a privileged resource, since there would be no trace of privileged credentials left behind for attackers to exploit. For example, no credentials would be locally stored on the user's machine, even temporarily, during the process of obtaining elevated access rights. In view of these advantages, there is thus a need for technological solutions for dynamically managing privileged access for non-privileged accounts.