What is Permissive Access?

Permissive access in SecureCloud refers to ingress access to an asset that is overly permissive; it is reported in the Dashboard and Asset Security Access. The criteria defining permissive access can vary from one situation to another, even in the same organization. In SecureCloud you can define permissive access in Risk Configuration and further refine the scope of reporting in Exceptions.

You can set one or both of two independent parameters to define permissive access - source subnet and services. If the actual access specified in the vendor's security controls is equal to or more permissive than any of these settings, it will be considered a violation of best practices.

Possible values for source subnet:

  • Any - only when the cloud account's definition allows access from Any source IP, will the access be considered too permissive
  • Larger than class A (default) - only when the cloud account's definition allows access when source subnet is larger than class A, will the access be considered too permissive
  • Larger than class B - only when the source subnet is larger than class B, will the access be considered too permissive
  • None - the source subnet is not taken into account when determining whether permitted access is too permissive

Possible values for services:

  • Any (default) - only when Any is specified will the access be considered too permissive
  • Any and TCP/UDP:0-65535 - only when Any, TCP:0-65535 or UDP:0-65535 are specified will the access be considered too permissive
  • None - the service is not taken into account when determining whether permitted access is too permissive
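To see how the two parameters described above interact, the following added example (not SecureCloud code) applies them to a few constructed IPv4 ingress rules. The setting names, the rule dictionary layout, the reading of class A and class B as /8 and /16 with "larger than" meaning a strictly shorter prefix, and the choice to flag a rule when either parameter matches are all assumptions made for illustration.

```python
import ipaddress

# Assumption: class A = /8, class B = /16; "larger than" = strictly shorter prefix.
# Value is the prefix length below which a source counts as too permissive.
SUBNET_LIMITS = {"any": 1, "larger_than_class_a": 8,
                 "larger_than_class_b": 16, "none": None}
SERVICE_SETTINGS = {"any", "any_and_full_range", "none"}  # hypothetical names


def source_too_permissive(cidr, setting):
    limit = SUBNET_LIMITS[setting]          # KeyError on an unknown setting
    if limit is None:                       # "None": source subnet is ignored
        return False
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("classful thresholds are only defined for IPv4")
    return net.prefixlen < limit


def service_too_permissive(protocol, ports, setting):
    if setting not in SERVICE_SETTINGS:
        raise ValueError(f"unknown service setting: {setting}")
    if setting == "none":                   # "None": service is ignored
        return False
    proto = protocol.lower()
    if proto == "any":
        return True
    full_range = proto in ("tcp", "udp") and tuple(ports or ()) == (0, 65535)
    return setting == "any_and_full_range" and full_range


def audit(rules, subnet_setting="larger_than_class_a", service_setting="any"):
    """Names of rules flagged by either parameter (assumed OR semantics)."""
    return [r["name"] for r in rules
            if source_too_permissive(r["source"], subnet_setting)
            or service_too_permissive(r["protocol"], r["ports"], service_setting)]


# Constructed sample ingress rules, not taken from any real account.
SAMPLE_RULES = [
    {"name": "web",  "source": "0.0.0.0/0",      "protocol": "tcp", "ports": (443, 443)},
    {"name": "corp", "source": "10.0.0.0/8",     "protocol": "tcp", "ports": (22, 22)},
    {"name": "db",   "source": "192.168.1.0/24", "protocol": "tcp", "ports": (0, 65535)},
    {"name": "mgmt", "source": "172.16.0.0/12",  "protocol": "any", "ports": None},
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))  # defaults from the page
    print(audit(SAMPLE_RULES, "larger_than_class_b", "any_and_full_range"))
```

Running the same rule set under different settings shows how tightening either parameter widens what is reported, which helps when choosing values in Risk Configuration.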