Rant: Principle of Least Privilege

The principle of least privilege does not mean that you should have exactly the privileges that make your job easy. It means that you should have exactly the privilege that you need and no more. Just because you want to do something, or because something makes your life slightly easier, does not mean it belongs to you under the principle of least privilege.

You should find ways to work efficiently with exactly the privileges that you need. For example, imagine a fictional company working out the privileges for its accounting department. In this scenario you will play the part of the CISO. Now you have a choice. Option #1: you grant the accounting department access to view all the accounts which belong to the company. Option #2: you grant specific members of the accounting department access to exported transaction lists from specific accounts. Obviously option #2 grants significantly less access. It will probably make the accounting department's job harder than option #1 would. If the accounting department is used to working under option #1, you’re likely going to get significant pushback.
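To make the difference between the two options concrete, here is an added example (written for this rewrite, not code from the original post) that models both grants as default-deny allow-lists and measures how many (action, account) pairs each one opens up for a given person. Every identifier in it (the group and user names, the account names, the action names) is constructed for illustration.

```python
"""
Added example, not part of the original post: a minimal default-deny
policy evaluator comparing the two grant options from the accounting
scenario. All principals, accounts and actions are constructed names.
"""
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class Rule:
    principal: str   # who the rule applies to, e.g. "group:accounting" or "user:alice"
    action: str      # e.g. "account:view" or "transactions:export"
    resource: str    # glob over account identifiers, e.g. "account:*"


def is_allowed(rules, principal_ids, action, resource):
    """Default-deny: a request passes only if some rule matches one of the
    caller's principal identifiers, the exact action, and the resource glob."""
    return any(
        r.principal in principal_ids
        and r.action == action
        and fnmatch(resource, r.resource)
        for r in rules
    )


# Option #1: the whole accounting group may view every company account.
OPTION_1 = [Rule("group:accounting", "account:view", "account:*")]

# Option #2: named members may export transaction lists from named accounts only.
OPTION_2 = [
    Rule("user:alice", "transactions:export", "account:payroll"),
    Rule("user:bob", "transactions:export", "account:vendor-payments"),
]

# Constructed identities: both are members of the accounting group.
ALICE = {"user:alice", "group:accounting"}
BOB = {"user:bob", "group:accounting"}

# Constructed universe of accounts and actions used to size each grant.
ACCOUNTS = ["account:payroll", "account:treasury", "account:vendor-payments"]
ACTIONS = ["account:view", "transactions:export"]


def grant_surface(rules, principal_ids, accounts=ACCOUNTS, actions=ACTIONS):
    """Return the set of (action, account) pairs the rules allow for this caller.
    The size of this set is the privilege the caller actually holds."""
    return {
        (action, account)
        for action in actions
        for account in accounts
        if is_allowed(rules, principal_ids, action, account)
    }


if __name__ == "__main__":
    for name, ids in (("alice", ALICE), ("bob", BOB)):
        for label, rules in (("option #1", OPTION_1), ("option #2", OPTION_2)):
            surface = grant_surface(rules, ids)
            print(f"{name:6} {label}: {len(surface)} grant(s) -> {sorted(surface)}")
```

Run stand-alone, the script shows that under option #1 Alice can view all three accounts (three grants, and no rule needs to change when a fourth account is created), while under option #2 she holds exactly one grant, an export from payroll, and Bob's export rule does not let him touch payroll at all. The evaluator is default-deny on purpose: anything not matched by a rule is refused, which is the property that makes the scoped option enforceable rather than aspirational.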

Too often, the word "need" is not properly applied to the principle of least privilege. We want the least amount of privilege that still gives us the smoothest access story. This isn’t the proper way to manage access. It’s acceptable for access to be limited, and even somewhat difficult to work with. This is where automation, scripting, and artificial intelligence shine. Don’t forget that once you’ve moved to the actual limited access model, you can then spend time ensuring that model is still just as efficient as it needs to be!

About the author

Professional hacker & security engineer. Currently at Google, opinions all my own. On Twitter as @zaeyx. Skydiver, snowboarder, writer, weightlifter, runner, energetic to the point of being a bit crazy.
