We just published our whitepaper, The Data Enclave Advantage, exploring why the security model most organizations rely on for data access is fundamentally broken—and what to do about it.
The Cloud Security Alliance’s Top Threats to Cloud Computing Deep Dive 2025 Report backs this up: Identity and Access Management failures, almost always rooted in broad, long-lived standing permissions, are the most frequent threat observed in cloud breaches.
Here’s the uncomfortable part: RBAC, Row-Level Security, and most “data security” tools are just standing permissions with extra steps. And that’s exactly the problem.
The Standing Permissions Problem
Standing permissions are access rights that remain active indefinitely, long after the task they were granted for has been completed. It’s a model inherited from on-premises environments, and it’s catastrophically unsuited for the fluid nature of modern cloud infrastructure.
Consider what happens when an attacker compromises a single identity with standing permissions. They don’t get a narrow point of entry—they get a landscape of opportunities. The Darkbeam incident exposed 3.8 billion email-password combinations because a misconfigured interface had, in effect, standing permission for anyone on the internet to access it. Toyota’s data leak persisted for nearly a decade because standing public access to sensitive data was never revoked.
The pattern repeats across every major breach: standing permissions turn minor security incidents into catastrophic ones.
Why Data Is Different
Here’s where it gets complicated. While tools like Privileged Access Management (PAM) and Identity and Access Management (IAM) are helping organizations move toward Zero Standing Privilege for network and API security, data security remains stuck.
Current methods—Role-Based Access Control, Row-Level Security, programmatic access controls, database proxies—are all, in essence, standing permissions. They’re static. They’re often too broad because organizations fear adding friction. And they lack the continuous monitoring and just-in-time architecture that modern security demands.
The Snowflake breach demonstrated this perfectly. Attackers used stolen credentials to authenticate, then executed simple commands—SHOW TABLES, SELECT * FROM, COPY INTO—to exfiltrate terabytes of sensitive data. No privilege escalation needed. The standing permissions were all they required.
The core challenge isn’t controlling database connections. It’s dynamically managing access to individual data records precisely when they’re needed for a specific query.
The Real Consequences
Standing permissions enable a cascade of security failures:
- Expanded attack surface. A single compromised identity becomes a master key. Breaches go undetected for extended periods because the permissions that enable them are indistinguishable from normal access.
- Privilege creep. Users and applications accumulate more permissions over time than they need. The Microsoft breach started with a “legacy, non-production test tenant account” that had amassed elevated privileges over time—enough for attackers to create malicious OAuth applications and access corporate mailboxes.
- Lateral movement. Once attackers have a foothold, standing permissions let them navigate freely. The FTX collapse was accelerated by poor key management and insufficient segmentation—once attackers were in, they had the keys to the kingdom.
- Audit nightmares. The sheer volume of permissions in a typical cloud environment makes it nearly impossible to track, verify, and validate that every permission is justified and actively used.
A Different Architecture
We’ve spent the past year developing an approach that addresses this gap directly: on-demand data enclaves.
The concept is straightforward. Instead of granting standing access to databases and hoping your perimeter holds, you create secure, isolated environments on-demand. Each enclave contains only the specific subset of data needed for a particular task. Access is governed by temporary “data contracts” that define exactly who can access what data, for how long, and for what purpose.
When the task is done, the enclave is torn down. No standing credentials. No accumulated permissions. No lateral movement possible because there’s nowhere to move to.
This model solves the fundamental problems:
- Attack surface shrinks dramatically. A compromised identity can only access what’s in its specific enclave, scoped by its data contract.
- Privilege creep becomes impossible. Access is always temporary and precisely scoped to a task.
- Auditing becomes tractable. Instead of auditing a chaotic web of individual permissions, you audit data contracts and the policies that govern them.
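As an added illustration of the data-contract model described above (not code from the whitepaper or any product; the DataContract and Enclave classes, the sample rows and the e-mail addresses are all assumptions), here is a small Python model in which a contract scopes rows and columns to one task with a time limit, every access attempt is audited, and teardown leaves nothing standing:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample table (placeholder values) standing in for a salary table.
RECORDS = [
    {"id": 1, "dept": "finance", "region": "EU", "salary": 70000},
    {"id": 2, "dept": "finance", "region": "US", "salary": 82000},
    {"id": 3, "dept": "sales", "region": "EU", "salary": 55000},
]

@dataclass
class DataContract:      # hypothetical: who, which rows and columns, for how long, why
    principal: str
    purpose: str
    scope: dict          # column -> required value; only matching rows enter the enclave
    columns: tuple       # the only columns the enclave exposes
    issued_at: datetime
    ttl: timedelta

class Enclave:           # holds only the contract's subset, so nothing else is reachable
    def __init__(self, contract: DataContract, source: list):
        self.contract, self.active, self.audit = contract, True, []
        self.rows = [{c: r[c] for c in contract.columns} for r in source
                     if all(r.get(k) == v for k, v in contract.scope.items())]

    def query(self, principal: str, now: datetime) -> list:
        c = self.contract
        ok = self.active and principal == c.principal and now < c.issued_at + c.ttl
        self.audit.append((principal, c.purpose, "allowed" if ok else "denied"))
        if not ok:
            raise PermissionError("no valid data contract for this principal")
        return list(self.rows)

    def teardown(self) -> None:
        self.rows, self.active = [], False   # task done: nothing standing remains

def lifecycle(now: datetime = datetime(2025, 1, 1, 9, 0, tzinfo=timezone.utc)) -> dict:
    contract = DataContract("analyst@example.com", "EU finance pay review",
                            {"dept": "finance", "region": "EU"}, ("id", "salary"),
                            now, timedelta(minutes=15))
    enclave = Enclave(contract, RECORDS)
    rows = enclave.query("analyst@example.com", now)
    for who, when in [("intern@example.com", now), ("analyst@example.com", now + contract.ttl)]:
        try:
            enclave.query(who, when)
        except PermissionError:
            pass                             # outcome is already in the audit trail
    enclave.teardown()
    return {"rows": rows, "audit": enclave.audit, "after_teardown": enclave.rows}
```

The audit trail is a list of contract-level decisions rather than a web of per-object grants, which is the auditing point the list above makes.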
The Path Forward
Breach after breach reveals the same truth: standing permissions are a liability, ill-suited to the dynamic and distributed nature of modern cloud infrastructure.
For companies holding highly valuable information—financial data, health records, salary information—the stakes are even higher. By applying Zero Standing Privilege and Just-in-Time principles directly to data records, not just database connections, you can drastically reduce your attack surface and limit the damage a breach can cause.
We’ve published a detailed whitepaper exploring this architecture, the security incidents that motivated it, and how it maps to the controls recommended by the Cloud Security Alliance.
Read the full whitepaper: The Data Enclave Advantage: A New Paradigm for Least-Privileged Data Access in a Zero-Trust World