A Best Practice for Information Security and Compliance
The principle of least privilege is the idea that at any user, program, or process should have only the bare minimum privileges necessary to perform its function. For example, a user account created for pulling records from a database doesn’t need admin rights, while a programmer whose main function is updating lines of legacy code doesn’t need access to financial records. The principle of least privilege can also be referred to as the principle of minimal privilege (POMP) or the principle of least authority (POLA). Following the principle of least privilege is considered a best practice in information security.
How the Principle of Least Privilege Works
The principle of least privilege works by allowing only enough access to perform the required job. In an IT environment, adhering to the principle of least privilege reduces the risk of attackers gaining access to critical systems or sensitive data by compromising a low-level user account, device, or application. Implementing the POLP helps contain compromises to their area of origin, stopping them from spreading to the system at large.
Examples of the Principle of Least Privilege
The principle of least privilege can be applied to every level of a system. It applies to end users, systems, processes, networks, databases, applications, and every other facet of an IT environment. Below are just a few examples of how the principle can work (or fail) in practice.
Benefits of the Principle of Least Privilege
There are many benefits of implementing the principle of least privilege:
Better security:
Edward Snowden was able to leak millions of NSA files because he had admin privileges, though his highest-level task was creating database backups. Since the Snowden leaks, the NSA has employed the principle of least privilege to revoke higher-level powers from 90% of its employees.
Minimized attack surface:
Hackers gained access to 70 million Target customer accounts through an HVAC contractor who had permission to upload executables. By failing to follow the principle of least privilege, Target had created a very broad attack surface.
Limited malware propagation:
Malware that infects a system bolstered by the principle of least privilege is often contained to the small section where it entered first.
Better stability:
Beyond security, the principle of least privilege also bolsters system stability by limiting the effects of changes to the zone in which they’re made.
Improved audit readiness:
The scope of an audit can be reduced dramatically when the system being audited is built on the principle of least privilege. What’s more, many common regulations call for POLP implementation as a compliance requirement.