The Principle of Least Privilege (PoLP)
PoLP is a core principle in IT security. It is sometimes referred to as “the principle of least authority” or “the principle of minimal privilege.” The idea is that you should grant your staff members the fewest privileges possible, whilst ensuring that you don’t prevent them from performing their duties. For example, an account set up for the purpose of creating backups doesn’t need to install applications or have access to payroll information. The principle is used to maintain system stability and security, and to limit the damage that malware, spyware, and viruses can do with a compromised account.
While PoLP is relatively easy to implement on a technical level, attempts to scale back privileges once they have been granted are sometimes met with hostility. Without clear communication with staff members about the reasons why access is denied for certain operations, they may assume that it is because the organisation doesn’t trust them. PoLP does not only apply to people, but also to processes and programs.
The principle of least privilege must be carefully adopted. If access levels are either too strict or too liberal, business operations could be disrupted. It’s also very important to ensure that the administrators who are responsible for making changes to access levels are readily available. It is common for staff members to find themselves in a situation where they need to make certain changes that require a different set of privileges, yet have to ‘jump through hoops’ before such changes can be enacted. On top of this, staff members have complained about being “treated like a criminal” when trying to gain additional privileges. Such cumbersome procedures have led to staff members seeking extra privileges up front in order to avoid such treatment and prevent future hold-ups. It’s also worth noting that some non-technical staff members may incorrectly blame PoLP for erroneous operations that turn out to be the result of their own wrongdoing.
In order to successfully implement PoLP, organisations must involve all departments, such as HR, marketing and accounts. Access levels should be assigned to roles, rather than individuals, in order to prevent “access creep”. Access creep, otherwise known as “privilege creep”, refers to a gradual accumulation of privileges that go beyond what an individual needs to fulfil their duties. It often occurs when employees switch to a different role within the organisation. They may be granted a new set of privileges while retaining their old privileges during the transitional period. However, their old privileges are rarely revoked, and this results in an unnecessary accumulation of privileges.
It should also be noted that administrators must adhere to the principle of least privilege too. If the admin is checking emails, surfing the net, or creating text documents, there’s no reason why they should be logged in as a super-user. If the admin were to fall victim to a ransomware attack, the malicious program will only encrypt the files which the user has access to. As you can imagine, if they are logged in to an account which has access to all files and folders, they may find themselves in big trouble. Finally, it is important for an organisation to carry out yearly reviews of their PoLP implementation to ensure that business operations are not being adversely affected.
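As an added illustration of the role-based assignment and periodic review described above (this is example code written for this page, not anything from the original article or from a product), the Python check below compares each account’s actual entitlements against the baseline for the roles it holds, reporting excess entitlements (privilege creep, to be revoked) and missing ones (which would block the person’s duties). The role names, entitlement names and accounts are all hypothetical, constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass

# Hypothetical role baselines: each role maps to the entitlements it needs.
ROLE_ENTITLEMENTS = {
    "backup-operator": {"backup-read-all", "backup-write-vault"},
    "helpdesk": {"password-reset", "ticket-system"},
    "payroll-clerk": {"payroll-read", "payroll-write"},
    "sysadmin": {"domain-admin"},
}


@dataclass
class Account:
    name: str
    roles: set[str]          # roles the account currently holds
    entitlements: set[str]   # entitlements actually granted today


def expected_entitlements(roles: set[str]) -> set[str]:
    """Union of the baseline entitlements for every role the account holds."""
    expected: set[str] = set()
    for role in roles:
        expected |= ROLE_ENTITLEMENTS.get(role, set())
    return expected


def review(account: Account) -> dict[str, list[str]]:
    """Compare granted entitlements with the role baseline for one account."""
    expected = expected_entitlements(account.roles)
    return {
        "excess": sorted(account.entitlements - expected),   # creep: revoke these
        "missing": sorted(expected - account.entitlements),  # blocks duties: grant these
    }


def creep_report(accounts: list[Account]) -> dict[str, dict[str, list[str]]]:
    """Only the accounts that hold something beyond their role baseline."""
    return {a.name: review(a) for a in accounts if review(a)["excess"]}


# Constructed sample: alice moved from backup-operator to helpdesk but kept her
# old backup rights; svc-backup was given domain-admin it never needed.
SAMPLE_ACCOUNTS = [
    Account("alice", {"helpdesk"},
            {"password-reset", "ticket-system", "backup-read-all", "backup-write-vault"}),
    Account("bob", {"payroll-clerk"}, {"payroll-read"}),
    Account("svc-backup", {"backup-operator"},
            {"backup-read-all", "backup-write-vault", "domain-admin"}),
]

if __name__ == "__main__":
    for name, finding in creep_report(SAMPLE_ACCOUNTS).items():
        print(name, finding)
```

Run against a real export of group memberships, the same comparison is what a yearly PoLP review boils down to: anything in “excess” is a candidate for revocation, anything in “missing” is a candidate for the hold-ups the article warns about.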
Keeping track of user privileges manually can be a difficult and time-consuming process, as you really need to have constant eyes on permissions to your sensitive data to spot any changes. LepideAuditor is an auditing solution that provides proactive and continuous auditing of current permissions and permission changes to help you maintain a least privilege environment.