The principle of least privilege (PoLP) – also known as the principle of least authority (PoLA) – is a cybersecurity practice in which an entity (such as a user, process, program, or module) in an information system is granted only those rights needed to perform its intended tasks. If these tasks do not require access to certain resources and features, access is not granted. The chief benefit of PoLP is that, in the event of an incident with an entity (for example, an account gets hacked or an application crashes), the damage to the organization will be less than if this entity had unlimited rights.
PoLP is a component of the Zero Trust information security concept, in which the default policy is never to trust any entity throughout the IT infrastructure.
Typically, PoLP includes the following practices:
- Network segmentation. The corporate network is divided into small segments, which may consist of a single device or application. The smaller the segments, the more options the organization has to compartmentalize the rights of users, programs, and other entities.
- Minimum privileges for new accounts. All new accounts are created with the least privileges possible.
- Privilege separation. Entities are divided into groups and subgroups of minimum size. For example, privileges are granted to a specific user – not to a group of same-level users, or to a specific process within a program – not to the entire program.
- just-in-time (JIT) access (privilege bracketing). Higher-level privileges are granted only for the duration of the task for which they are required. Immediately after the task’s completion, the elevated privileges are revoked.
- Privilege audit. Existing permissions are regularly reviewed and revised. If an entity no longer needs certain rights to perform its tasks, those rights are revoked.
What problems does PoLP solve?
The main purpose of PoLP is to make corporate infrastructure more secure by:
- Reducing the attack surface. A limited number of privileged accounts lowers the number of vulnerable points through which an attacker could gain access to infrastructure.
- Preventing infection of an entire infrastructure. In the event of a successful attack, the intruders gain access only to a small segment of the network.
- Improves employee productivity. Having elevated privileges for only a limited time may encourage employees to perform tasks faster than if these privileges were granted permanently.
- Increases audit readiness. Continuous monitoring of users, software, and other entities, as well as regular reviews of rights, makes it easier for a company to conduct security audits.