The Principle of Least Privilege means granting users, systems, and processes only the minimum permissions necessary to perform their job functions.
Implementation strategies:
- Start with zero access: Grant permissions only when needed
- Regular access reviews: Periodically audit and remove unnecessary permissions
- Time-bound access: Use temporary elevated privileges when possible
- Segregation of duties: Divide critical functions among multiple people
- Just-in-time access: Provide elevated access only when requested and approved
Example implementation:
- Database admin needs read access to production during normal operation
- Write access granted only during approved maintenance windows
- Emergency access requires additional approval and is automatically logged
Benefits:
- Reduces attack surface
- Limits blast radius of compromises
- Improves compliance posture
- Reduces insider threat risk
