If a chain is only as strong as its weakest link, you need to know where that is. Most people remember to secure against external threats, but what about the security of internal data in your applications?
The standard practice in the industry is to “close all doors”.
This means that you start by prohibiting all (or almost all) actions,
and then gradually grant permissions to users as the need arises. This
philosophy was originally phrased by Saltzer and Schroeder, saying:
Every program and every user of the system should operate using the least set of privileges necessary to complete the job. (The protection of information in computer systems, 1974)
Here are three reasons why you should be following this principle:
1. It’s the industry standard: The current standard for user rights is that users should have the lowest possible set of privileges that will permit them to do their jobs.
2. It’s the easiest way to spot errors: If you leave the doors open, finding errors in the level of access is quite difficult, and these gaps can remain unfilled for a long time. However, if you choose to close these doors, anyone needing access can have it granted easily.
3. You avoid serious repercussions: If you forget to close an important door, you risk a security/confidentiality breach in your system.
The limitation of this policy is often that the systems put in place lack granularity. For an access control system that lets you control everything your users can see and do, check out Visual Guard.