Why YOU need to abide
by the Principle of Least Privilege
If a chain is only as strong as its weakest link, you need to know where
that is. Most people remember to secure against external threats, but
what about the security of internal data in your applications?
The standard practice in the industry is to “close all doors”.
This means that you start by prohibiting all (or almost all) actions,
and then gradually grant permissions to users as the need arises. This
philosophy was originally phrased by Saltzer and Schroeder, saying:
Every program and every user of the system should
operate using the least set of privileges necessary to complete the job.
(The protection of information in computer systems, 1974)
Here are three reasons why you should be following this principle:
1. It’s the industry standard: The current standard for user rights
is that users should have the lowest possible set of privileges that will
permit them to do their jobs.
2. It’s the easiest way to spot errors: If you leave the doors open,
finding errors in the level of access is quite difficult, and these gaps
can remain unfilled for a long time. However, if you choose to close these
doors, anyone needing access can have it granted easily.
3. You avoid serious repercussions: If you forget to close an important
door, you risk a security/confidentiality breach in your system.
The limitation of this policy is often that the systems put in place
lack granularity. For an access control system that lets you control everything
your users can see and do, check out Visual