Establish emergency access process

Posted November 27, 2024

Updated March 21, 2025

By Kevin McCaffrey

An emergency access process maintains availability and security when your centralized identity provider has problems. It ensures that authorized personnel can regain access to critical workloads without bypassing security controls.

Best Practices

Establish an Emergency Access Process

Define the criteria that justify emergency access, such as an identity provider outage or a critical security incident.
Create a separate emergency access identity or role with only the minimum permissions needed to resolve urgent issues.
Require multi-factor authentication (MFA) for anyone who uses the emergency credentials.
Document a clear process for requesting and granting emergency access, including roles responsible for approving the access and the methods used to communicate the access credentials securely.
Test the emergency access process regularly to confirm that it works under pressure, and update it based on what you learn.
Establish logging and monitoring for all activities performed under emergency access to ensure accountability and facilitate audits.
Review and revoke emergency access as soon as it is no longer needed, so that no granted permissions remain active unintentionally.
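
As a minimal sketch of the least-privilege and MFA practices above, the following Python builds an IAM role trust policy document that lets only named principals assume an emergency role, and only when MFA is present and recent. The function name, the example account ID and user ARN, and the one-hour MFA age limit are illustrative assumptions, not values from this guidance. `aws:MultiFactorAuthPresent` and `aws:MultiFactorAuthAge` are standard IAM condition keys.

```python
import json


def build_break_glass_trust_policy(principal_arns, max_mfa_age_seconds=3600):
    """Return a trust policy (as a dict) for a hypothetical emergency role.

    Only the listed principals may assume the role, and only if they
    authenticated with MFA within the last max_mfa_age_seconds seconds.
    """
    if not principal_arns:
        raise ValueError("at least one principal ARN is required")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": sorted(principal_arns)},
                "Action": "sts:AssumeRole",
                "Condition": {
                    # Reject sessions that did not use MFA.
                    "Bool": {"aws:MultiFactorAuthPresent": "true"},
                    # Reject sessions whose MFA check is too old.
                    "NumericLessThan": {
                        "aws:MultiFactorAuthAge": str(max_mfa_age_seconds)
                    },
                },
            }
        ],
    }


if __name__ == "__main__":
    # Placeholder ARN for illustration only.
    policy = build_break_glass_trust_policy(
        ["arn:aws:iam::111122223333:user/break-glass-1"]
    )
    print(json.dumps(policy, indent=2))
```

The permissions attached to the role itself would be defined separately and kept as narrow as the emergency scenarios allow.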

Questions to ask your team

Do you have a documented process for granting emergency access to your workloads?
How frequently is the emergency access process reviewed and updated?
Are staff trained on the emergency access process and their roles within it?
What steps are taken to log and monitor emergency access activities?
How do you ensure the emergency access process is secure and doesn’t introduce additional vulnerabilities?
Is there a defined time limit for emergency access, and how is it enforced?
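
For the time-limit question above, one possible approach is to record every grant with an explicit expiry and periodically sweep for grants that have passed it. The sketch below is illustrative only: the `EmergencyGrant` class, its fields, and the `grants_to_revoke` helper are hypothetical names, and the actual revocation step (for example, detaching a policy or disabling a credential) is left out.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class EmergencyGrant:
    """A hypothetical record of one approved emergency access grant."""

    requester: str
    approver: str
    granted_at: datetime
    max_duration: timedelta

    def __post_init__(self):
        # Assumed rule: nobody approves their own emergency access.
        if self.requester == self.approver:
            raise ValueError("requester and approver must be different people")

    def expires_at(self):
        return self.granted_at + self.max_duration

    def is_expired(self, now):
        return now >= self.expires_at()


def grants_to_revoke(grants, now):
    """Return the grants whose time limit has passed as of `now`."""
    return [grant for grant in grants if grant.is_expired(now)]


if __name__ == "__main__":
    start = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    grant = EmergencyGrant("alice", "bob", start, timedelta(hours=1))
    overdue = grants_to_revoke([grant], start + timedelta(hours=2))
    print(f"{len(overdue)} grant(s) past their time limit")
```

Running the sweep on a schedule, rather than relying on someone remembering to revoke access, is one way to make the time limit enforceable.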

Who should be doing this?

Security Administrator

Develop and oversee the emergency access process.
Ensure that emergency access procedures are documented and communicated to relevant stakeholders.
Regularly review and update the emergency access process to adapt to changing security needs.

Identity and Access Management (IAM) Specialist

Implement technical controls to enable emergency access when necessary.
Monitor and audit emergency access requests and usage.
Work with the Security Administrator to ensure compliance with organizational policies.

IT Operations Manager

Ensure that all personnel involved in the emergency access process are trained and aware of their responsibilities.
Coordinate response efforts during emergencies to ensure business continuity.
Maintain communication with stakeholders during an emergency access event.

Compliance Officer

Review the emergency access process for compliance with regulatory requirements.
Ensure that documentation related to emergency access is maintained for audit purposes.
Conduct periodic assessments of the emergency access process to identify areas for improvement.

What evidence shows this is happening in your organization?

Emergency Access Process Document: A comprehensive policy document outlining the procedures and responsibilities for granting emergency access to AWS workloads, including identification of roles, approval workflows, and contingency measures.
Emergency Access Checklist: A checklist to ensure all necessary steps are taken when activating the emergency access process, including verification of identity and scope of access required.
Training Manual for Emergency Access Protocols: A training manual designed for staff, detailing the emergency access protocols, how to execute them, and roles of individuals involved in the process.
Access Review Dashboard: A dashboard that provides insight into access permissions and logs of emergency access events, ensuring transparency and accountability.
Incident Response Plan Template: A template for an incident response plan that includes sections specifically for handling scenarios where emergency access is required, ensuring a structured response to issues.

Cloud Services

AWS

AWS IAM: AWS Identity and Access Management (IAM) allows you to manage access to AWS services and resources securely. You can create a dedicated emergency access user or role whose permissions are scoped to what is needed in a critical situation.
AWS Organizations: AWS Organizations helps you centrally manage and govern multiple AWS accounts. You can use service control policies (SCPs) to set guardrails that apply to emergency access across accounts.
AWS CloudTrail: AWS CloudTrail enables you to monitor API activity in your AWS account. It provides visibility into who accessed what resources, which is vital for auditing emergency access instances.
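
To illustrate the auditing point, here is a minimal sketch that scans CloudTrail event records that have already been parsed into Python dicts (for example, the `Records` array of a delivered log file) and lists every `AssumeRole` call that targets the emergency role. The function name, the role ARN, and the sample record are assumptions made for illustration; the field names (`eventSource`, `eventName`, `requestParameters`, `userIdentity`, `eventTime`, `sourceIPAddress`) follow the CloudTrail record format.

```python
def find_emergency_role_usage(records, emergency_role_arn):
    """Return who assumed the emergency role, when, and from where."""
    hits = []
    for record in records:
        if record.get("eventSource") != "sts.amazonaws.com":
            continue
        if record.get("eventName") != "AssumeRole":
            continue
        # requestParameters can be null in some records, so default to {}.
        params = record.get("requestParameters") or {}
        if params.get("roleArn") != emergency_role_arn:
            continue
        identity = record.get("userIdentity") or {}
        hits.append(
            {
                "when": record.get("eventTime"),
                "who": identity.get("arn"),
                "source_ip": record.get("sourceIPAddress"),
            }
        )
    return hits


if __name__ == "__main__":
    # Placeholder ARN and a hand-written sample record, for illustration only.
    role_arn = "arn:aws:iam::111122223333:role/EmergencyAccess"
    sample = [
        {
            "eventSource": "sts.amazonaws.com",
            "eventName": "AssumeRole",
            "eventTime": "2025-01-01T12:00:00Z",
            "sourceIPAddress": "203.0.113.10",
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/break-glass-1"},
            "requestParameters": {"roleArn": role_arn},
        }
    ]
    for hit in find_emergency_role_usage(sample, role_arn):
        print(hit)
```

In practice the results would feed an alert or a review queue, so that every use of the emergency role is examined after the fact.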

Azure

Microsoft Entra ID (formerly Azure Active Directory): Microsoft Entra ID provides identity and access management capabilities. It supports dedicated emergency access accounts and secure management of permissions.
Azure Policy: Azure Policy enforces and audits configuration rules across Azure resources. It does not grant access itself, but it can help keep the resources involved in emergency access compliant with your standards.

Google Cloud Platform

Google Cloud IAM: Google Cloud Identity and Access Management (IAM) enables you to control who has access to your cloud resources. You can set up special roles for emergency access situations.
Cloud Audit Logs: Cloud Audit Logs record administrative activity and data access within your Google Cloud environment, which is crucial for reviewing emergency access.

Question: How do you manage permissions for people and machines?
Pillar: Security (Code: SEC)
