The principle of least privilege is a security guideline that states that code and users should be granted only the minimum permissions they need to complete their work.
Basis
It is common for programmers and system administrators to grant strong privileges to code and users because it generally makes their job easier. A system admin who grants users minimal permissions from the start might get dozens of requests related to permissions each day. These can be mostly eliminated with a few commands to upgrade all users to strong permissions.
Overly strong permissions often contribute to the severity of information security incidents. If a user's password is compromised, it is more dangerous if they have strong permissions across a wide range of systems.
Knowledge Waste
Knowledge waste is when teams and individuals fail to share knowledge within an organization, causing others to duplicate research efforts and replay mistakes of the past.
It is common for organizations to seek an environment of open document repositories and systems in order to fully leverage investments in knowledge. As such, it is perfectly common for an organization to interpret least privilege in an extremely open manner. For example, an organization may adopt the principle that access to all knowledge is a basic requirement for employees to do their job. Such a policy typically has exceptions such as trade secrets and employee records.
Process Efficiency
Organizations that strictly adopt least privilege may find it becomes something of an efficiency bottleneck. Least privilege works well with mature organizational processes such as setting up employees with every permission they need from day one. If a new employee needs to email dozens of system administrators and follow up with each before they are fully set up, it can be a drag on their productivity.