Rant: Principle of Least Privilege

The principle of least privilege does not mean that you should have exactly the privileges that make your job easy. It means that you should have exactly the privilege that you need and no more. Just because you want to do something, or because something makes your life slightly easier, does not mean it belongs to you under the principle of least privilege.

You should find ways to efficiently work with exactly the privileges that you need. For example, imagine a fictional company working on the privileges for their accounting department. In this scenario you will play the part of the CISO. Now you have a choice. Option #1, you can grant the accounting department access to view all the accounts which belong to the company. Option #2, you grant specific members of the accounting department access to exported transaction lists from specific accounts. Obviously option #2 has significantly less access granted. It will probably make the job of the accounting department harder than in option #1. If the accounting department is used to working with option #1 you’re likely going to get significant pushback.
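The two options above, written out as explicit grant tables so the difference in privilege surface can be measured rather than argued. This is an added example, not code from the original post; the user names, account ids and action names are constructed for illustration.

```python
"""Least-privilege policy model for the accounting scenario.
Added example; users, account ids and grant tables are constructed."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Grant:
    subject: str  # a user name or a role name
    action: str   # "view_account" or "export_transactions"
    scope: str    # an account id, or "*" for every account


@dataclass
class Policy:
    grants: set[Grant] = field(default_factory=set)
    roles: dict[str, set[str]] = field(default_factory=dict)  # user -> roles

    def allows(self, user: str, action: str, account: str) -> bool:
        """True if any grant held by the user, or by one of their roles, covers
        this action on this account. No grant means deny (default-deny)."""
        subjects = {user} | self.roles.get(user, set())
        return any(g.subject in subjects and g.action == action
                   and g.scope in ("*", account) for g in self.grants)


# Option #1: the whole department role may view every account.
OPTION_1 = Policy(
    grants={Grant("accounting", "view_account", "*")},
    roles={"alice": {"accounting"}, "bob": {"accounting"}},
)

# Option #2: named members get transaction exports from named accounts only.
OPTION_2 = Policy(
    grants={Grant("alice", "export_transactions", "ACCT-100"),
            Grant("bob", "export_transactions", "ACCT-200")},
)


def surface(policy: Policy, users, actions, accounts) -> set[tuple]:
    """Every (user, action, account) triple the policy permits: the privilege
    surface an attacker inherits by compromising any one of these users."""
    return {(u, a, acct) for u in users for a in actions for acct in accounts
            if policy.allows(u, a, acct)}


USERS = ["alice", "bob"]
ACTIONS = ["view_account", "export_transactions"]
ACCOUNTS = ["ACCT-100", "ACCT-200", "ACCT-300"]  # constructed sample accounts

if __name__ == "__main__":
    for name, policy in (("option #1", OPTION_1), ("option #2", OPTION_2)):
        print(name, len(surface(policy, USERS, ACTIONS, ACCOUNTS)), "permitted")
```

Under option #2 a compromised account for alice yields one export from one account; under option #1 it yields read access to every account in the company.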

Too often, the word need is not properly applied to the principle of least privilege. We want the least amount of privilege that still gives us the smoothest access story. This isn’t the proper way to manage access. It’s acceptable for access to be limited, and even somewhat difficult to work with. This is where automation, scripting, and artificial intelligence shine. Don’t forget that once you’ve moved to the actual limited access model, you can then spend time ensuring that model is still just as efficient as it needs to be!

About the author

I do a lot of stuff. I'm a decent hacker. I jump out of airplanes a lot. Done some firefighting and stuff. Philosophy all the time, make music, acting in awesome indie films. Just, a lot of stuff.
