(Permission Utilization Rate)
PUR stands for Permission Utilization Rate. As the opposite of UUR, it is the percentage of granted permissions which are actually utilized by the principal (application or user).
A high PUR may indicate that LPA has been properly assigned, but it may also indicate over-entitlement, i.e., that assigned permissions are being utilized, but the user shouldn’t actually be using them. A low PUR may indicate the permission policy contains permissions which aren’t being used (and which open up more attack surface).
The ideal PUR depends on the specific application or user. However, a general rule of thumb is to keep the PUR as high as possible while still ensuring that the principal is not over-entitled per the use case.
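The following sketch is an added example, not Trustle's code. It computes PUR per principal from a granted-permission set and usage events, and shows why a 100% PUR can still hide over-entitlement. The principals, permission names, log format and the `APPROVED` use-case baseline are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (assumption): permissions granted to each principal.
GRANTED = {
    "ci-deployer": {"s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                    "iam:PassRole", "ec2:RunInstances"},
    "analyst": {"s3:GetObject", "s3:ListBucket", "kms:Decrypt"},
}
# Hypothetical baseline: what each principal's use case actually requires.
APPROVED = {
    "ci-deployer": {"s3:GetObject", "s3:PutObject"},
    "analyst": {"s3:GetObject", "s3:ListBucket"},
}
# Constructed usage events, one "<principal> <permission>" pair per line.
AUDIT_LOG = """\
ci-deployer s3:GetObject
ci-deployer s3:PutObject
ci-deployer s3:PutObject
analyst s3:GetObject
analyst s3:ListBucket
analyst kms:Decrypt
analyst ec2:DescribeInstances
"""

def used_permissions(log_text):
    """Map each principal to the set of permissions seen in the usage log."""
    used = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 2:  # skip blank or malformed lines
            used[parts[0]].add(parts[1])
    return used

def pur_report(granted, approved, log_text):
    """Return PUR (%), unused grants and used-but-unapproved grants per principal."""
    used = used_permissions(log_text)
    report = {}
    for principal, perms in granted.items():
        # Only granted permissions count; attempts outside the grant are ignored.
        exercised = perms & used.get(principal, set())
        pur = 100.0 * len(exercised) / len(perms) if perms else 0.0
        report[principal] = {
            "pur": round(pur, 1),
            "unused": sorted(perms - exercised),  # standing attack surface
            "over_entitled": sorted(exercised - approved.get(principal, set())),
        }
    return report

if __name__ == "__main__":
    for name, row in pur_report(GRANTED, APPROVED, AUDIT_LOG).items():
        print(name, row)
```

In this data, `ci-deployer` has a low PUR with three removable grants, while `analyst` reaches 100% only because it exercises a permission outside its approved use case.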
Here are some of the benefits of having a high PUR:
- Users have the access they need to do their job.
- Unnecessary permissions, which would never be used by a legitimate user, are not there to be abused by an attacker.
- Reduces compliance risks: A lower PUR can help organizations to meet compliance requirements, such as those imposed by the General Data Protection Regulation (GDPR) and SOC2.
To help organizations improve their PUR, Trustle detects all users across each integrated cloud system and helps you understand which permissions are being used and which are not. This helps keep your users on least privileged, highly utilized permissions when access is needed, while bringing users back to zero standing access once their tasks are completed.
Automation like this helps to free up time for security and IT teams to focus on more important tasks, while substantially driving down the attack surface and ensuring all compliance and paper trail requirements are met.