What is the Principle of Least Privilege and How Does it Protect You?

The principle of least privilege (or PoLP) is, in layman’s terms, the idea that a user or technological process should have the minimum IT access necessary to efficiently complete their job or tasks. In other words, does Joe from Marketing need access to records from HR to perform his duty? If not, he should not be able to access them. Does Margaret from Accounting need access to the Finance records? Likely so, so she should have access to them. But poor Joe in Marketing might be cut off again.

Poor Joe, relegated to his Marketing cubicle without access to HR or Finance. Why don’t we like Joe? I mean, he’s a nice guy, does his job well, and has always passed his phishing tests. He follows his MSP’s advice and uses a high–quality password. He logs out every time he leaves work and even locks his computer on coffee breaks. He’s even pretty good at his job.

Sorry, Joe. The principle of least access is at work here. And for good reason! While Joe may follow all the rules and do everything perfectly, he is not impervious to attack. We’re not always interested in simply keeping Joe out of the Finance records, but rather keeping online attackers limited, should they gain access.

Least privilege principles and policies work in a few similar but non-identical ways. While certainly not an exhaustive list, some examples include:

By limiting an application, or even a process within an application, including malware, to certain areas (also called surfaces or “attack” surfaces)
By limiting a user to certain areas, thus decreasing the amount of damage a bad actor or disgruntled employee can incur
By limiting the area humans can make an error, for example an accidental deletion or inadvertent file edit
By removing the ability to granting admin access to users who don’t need it
By separating privileges, especially at the admin level, to require two sets of credentials to perform especially potentially destructive tasks
By requiring periodic audits to ensure PoLP principles are being followed

Remember Joe? Unfortunately for him (and his company), Joe was a fan of the online fictitious outdoor store, ABC Camping. ABC Camping’s database was hacked, and Joe’s excellent complex password happened to be the same as his work password. When that information was offered for sale on the Dark Web, and because Joe’s company wasn’t monitoring the Dark Web for his personal email, it took just a tiny bit of social engineering to uncover Joe’s username at work. Luckily for all involved, while a small bit of marketing materials were compromised to due to the hack, many other areas of the company’s information was out of the reach of Joe’s account…and Joe’s impersonator.

Like other layers of the cybersecurity shield, the principle of least privilege isn’t a one-stop for cyberdefense. However, it is an important layer and additional obstacle for bad actors. Not sure where your company stands? We can help you with your PoLP policies (as well as help monitor the Dark Web for you). Give us a call or click on our contact form!

Tabbie Coulter

great professional service and very timely!! would highly recommend for your IT needs.

Jessie Palma

I love this company. They have soo much talent there and they always fix it so quickly! They are very professional and courteous! I've gotten to know some of them because we treat each other like human beings :) It's like having an extended family.

Fernando Perez

Awesome management! Great company.

Joseph Silbaugh

I needed to add an older laptop to the business account for my use on the road. CIO did everything remotely for me. It made the task so easy. They updated everything, added my office 365, my 3 emails and checked everything. Great job, quick and efficiently no stress. I recommend them highly

Kay Westerhold

Always a quick response. Issue solved and can continue on with the task every time. Great job CCIO!!

Bill Fissell

The service was prompt, friendly and knowledgeable. Could not ask for more than that.

Kevin Slack

Upgraded our router with Comcast. It did not go smoothly until Steve Plumlee got involved and got everything working well. When Steve is working on our IT issues, they get resolved. Amen.

Hickory Falls Family Entertainment Center

Thanks for going more in-depth with your engineers and investigating solutions and resolving some of our email challenges.

Bill Moorman

Certified CIO is a smart, professional and friendly team of engineers to work with. I am a bright person but computers can make me feel incompetent. The team at Certified CIO never allows you to feel awkward even asking the most basic questions. You have been a lifeline many times. Thanks for your support.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Better IT for Business. Call Today! (717) 340-6000 (443) 283-0666

What is the Principle of Least Privilege and How Does it Protect You?

Share This Story, Choose Your Platform!

Better IT for Business. Call Today!
(717) 340-6000
(443) 283-0666