Principle of Least Privilege: An explainer
Remote and hybrid work arrangements have introduced new challenges for network security: personal devices and ad hoc policies can lead to a tangle of shared accounts and arbitrary access privileges for staff.
And employees aren’t the only offsite resources that access your network. Research shows that the average organization has over 180 vendors connecting to its systems each week. Depending on the nature of the service they provide, some of those third-party companies may count on elevated user privileges that can open your business to new risk.
The more sets of credentials with access privileges to a given system or network, the more potential points of entry — and the greater your risk of a breach.
People and programs should have access to the tools they need to get the work done, but you also must protect your network security at all costs. The Principle of Least Privilege (PoLP) is one way to accomplish both at once, and without complicating things further.
The problem with privilege
According to Verizon’s 2022 Data Breach Investigations Report, the most common path to a data breach is through compromised credentials.
It follows that the more sets of credentials with access privileges to a given system or network, the more potential points of entry — and the greater your risk of a breach.
You can begin to shrink this attack surface by taking stock of your organization’s digital assets, reviewing how those assets are governed, and then following some best practices for managing access rights. Together with a good understanding of cyber hygiene and strong password management, the PoLP can drastically improve your cybersecurity.
What does “least privilege” mean?
Least privilege refers to the lowest level of access privilege necessary. Simply put, the Principle of Least Privilege grants a subject (a user or program) just enough access (to data or a system) to complete their task, and nothing more.
Applying the PoLP will minimize your attack surface, but the advantages don’t end there. You’ll also enjoy:
- System stability. There’s no way to eliminate human error (we all make mistakes), but you can protect against the fallout. Limiting access to resources means employees are less likely to accidentally reconfigure, delete, or otherwise mismanage your systems.
- Malware containment. If a user with access to a lot of network resources were to have their credentials stolen, a hacker can introduce malware that quickly spreads throughout your network. PoLP helps keep any malicious code from moving beyond the affected workstation.
- Data security. Limiting account privileges to the scope of job duties will also protect against insider threats. An employee who holds a grudge — or is open to sharing data for a good payout — may feel compelled to mine your systems for valuable information (like in this recent insider threat incident reported by HackerOne).
Even if your network is breached, PoLP makes it easier to identify the source, since there will be only a few possible culprits. That's another reason why the concept of “just enough” is an important one to honor.
PoLP and network access control
Privilege can be awarded according to business unit, seniority, or specific deliverables. And it doesn’t have to be a permanent state — a certain level of network access can (and, in most cases, should) only be granted for a specific time period or defined task.
Standard or “least-privileged” user accounts should make up the majority of your accounts; reserve “superuser” accounts for administrators who truly need that level of access to manage the system. And be sure to stay active with your privileged access management (PAM) by checking on role-based access control regularly and rearranging privileges as necessary.
What is endpoint privilege management?
Endpoint privilege management (EPM) is the principle of least privilege in action: it enforces a least privilege posture on all users and devices (or endpoints) to control access to data, applications, and systems.
The key to successful EPM is to manage access without hindering productivity — employees still need to be able to do their jobs, and high barriers can slow down work (and impact morale).
Consider using a rights management solution to enforce general rules around a role, group, or individual, and take the time to explain how and why the PoLP can help employees safeguard their work and the entire company.
What is zero trust security?
A “zero trust” approach promotes verification and validation over implicit trust when it comes to digital interaction. In practice, zero trust means applying authentication methods and preventing unbridled movement around networks. The principle of least privilege is a core component of a zero trust model.
Zero trust uses granular security controls to carefully dole out access without increasing the complexity of your security or cost of operations.
Zero trust vs. castle-and-moat
Traditionally, security models assumed that everything inside an organization’s network should be trusted. After all, you’ve got a firewall to protect it from outsiders (like a moat). The problem is, there are ways to cross that moat — and some threats could already be in the network (the castle).
In this castle-and-moat model, anyone with access to the network would be able to reach all of the assets, programs, and systems within it (every tower, and all the crown jewels).
In contrast, zero trust uses granular security controls to carefully dole out access without increasing the complexity of your security or cost of operations. Here’s a very high-level overview of the steps to a zero trust framework:
- Identify and classify valuable data, applications, and services in order to prioritize which assets to protect.
- Establish a process to authenticate user identity, manage access privileges, and verify device integrity.
- Monitor applications continuously to ensure they’re interacting appropriately.
- Consider your infrastructure — apply the same access rules to your systems and devices as you do with your users.
Implementing PoLP and zero trust security
PoLP and zero trust are solid models that are fairly straightforward, in theory. Of course, implementation can be more difficult given the array of different operating systems, applications and endpoints, user roles, and the need for third-party access.
The key is to take it one step at a time: first consider best practices to implementing PoLP, then begin to form a policy that works for your business (expect to implement specific aspects over time, not all at once). If you’re worried about how your PoLP approach will be received, you may want to enlist the help of change management professionals to pave the way for a smooth transition for your team.
Reducing cyber risk means addressing a number of practices, and the entire team must collaborate to improve and maintain your organization’s cybersecurity. Is your cyber strategy ready for what's ahead? Take a look at what else goes into managing cyber risk in 2022.