The Principle of Least Privilege (PoLP) is a security concept that lays out guidelines for giving users the minimum amount of access or privileges they need to do their jobs and, most importantly, for giving administrative users the least access necessary. Granting users only the minimum they need is not a new idea; least privilege access has been discussed for decades. Today more than ever it is one of the most important principles of security design.
Unfortunately, it is not always possible to prevent attackers from getting into your systems. Certain social engineering attacks can bypass the security protections you have put in place: users can be tricked into letting bad actors physically into the building or into giving away an API access key. What you can do is ensure that anyone who does gain access has only minimal access to resources. By limiting each user's access you prevent an intruder who does get through from taking over all of your systems.
The first step is to reevaluate which administrators you have made super users or domain administrators. Basically, who have you given full control to? It is often much easier to give someone full administrative access to a system than to work out how to limit their actions to the minimum they need. The truth is that if you skip this grunt work up front, you might find yourself paying out millions in ransomware demands in the end. Do your homework: figure out exactly what that new team member or contractor needs to do and how to limit their privileges to fit those needs.
For example, if you bring in a consultant to audit your systems or to make recommendations on how you could improve part of your architecture, you might think they need access to everything and assign them a role that gives them full control. However, if all they are there to do is make recommendations, and not to change your systems, then they don't actually need full control. They should be able to do their job with read access to settings and configurations. A well-designed least privilege system should let you control not only which objects an administrative user can access but also which actions they can perform on those objects. Actions are usually broken down into read, write/update, list, create, and delete. The appropriate privileges for the consultant in our example would therefore be read privileges on all objects.
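As an added example (not code from the original article), here is a small deny-by-default policy model built on the five action verbs above: it answers individual access requests and reports which (object, action) pairs a role holds beyond what a task actually needs, so a "full control" assignment can be measured against the read-only grant the consultant requires. The object names, roles and task definition are constructed for illustration.

```python
"""Deny-by-default policy check plus an excess-privilege report.
Added example; objects, roles and the audit task are constructed."""
from dataclasses import dataclass, field

# The five action verbs the article lists (write covers update).
ACTIONS = frozenset({"read", "write", "list", "create", "delete"})


@dataclass(frozen=True)
class Grant:
    obj: str            # exact object name, "prefix/*", or "*" for everything
    actions: frozenset  # subset of ACTIONS permitted on matching objects

    def matches(self, obj: str) -> bool:
        if self.obj == "*":
            return True
        if self.obj.endswith("/*"):
            return obj.startswith(self.obj[:-1])  # keep the trailing "/"
        return obj == self.obj


@dataclass
class Role:
    name: str
    grants: list = field(default_factory=list)

    def allows(self, obj: str, action: str) -> bool:
        """Deny by default: allowed only if some grant covers object and action."""
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        return any(g.matches(obj) and action in g.actions for g in self.grants)


def excess_privileges(role: Role, objects, required: set) -> set:
    """(object, action) pairs the role can perform that the task does not need."""
    held = {(o, a) for o in objects for a in ACTIONS if role.allows(o, a)}
    return held - required


# Constructed inventory: the consultant only needs to read and list these.
OBJECTS = ["iam/users", "iam/policies", "network/firewall", "db/customers"]
FULL_CONTROL = Role("full_control", [Grant("*", ACTIONS)])
AUDITOR = Role("auditor", [Grant("*", frozenset({"read", "list"}))])
AUDIT_TASK = {(o, a) for o in OBJECTS for a in ("read", "list")}

if __name__ == "__main__":
    print(AUDITOR.allows("db/customers", "delete"))                      # False
    print(len(excess_privileges(FULL_CONTROL, OBJECTS, AUDIT_TASK)))     # 12
    print(excess_privileges(AUDITOR, OBJECTS, AUDIT_TASK))               # set()
```

Running the excess-privilege report against each role before granting it makes the "do the grunt work up front" step concrete: a non-empty result is the list of privileges to remove.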
Not all applications provide a means to be this granular with privileges. Because the Principle of Least Privilege is one of the most important security principles, you should prioritize the ability to implement it when choosing a solution that will work for your organization.