I’m starting a series of articles that will cover a significant topic: The Principle Of Least Privilege (PoLP).
This extremely important topic is rarely mentioned in the IT sphere. In my experience, the industry neglects the problem. Failure to comply with this challenging principle multiplies problems in many areas of IT security.
My primary goal is to raise awareness: I want to show you how deeply this problem is built into today's security challenges and how many incidents are affected.
My secondary aim is to explore the possibilities of solving this problem. I will demonstrate the levels of improvement you can reach, even without using appropriate software tools, and where the limits are.
Thirdly, I would like to write about a technical solution that can effectively implement the least privilege principle and manage the problem in a risk-sensitive manner.
Why did I get into this? In my 20 years spent in IT security, while getting to know the IT control environment of about 100 companies, I have never seen a really good solution in the PoLP area. On the other hand, I have faced the results of excessive access rights as the root cause of many security incidents.
I’m already preparing the next series of articles, which focuses on real-life examples (anonymized). Some of the examples will be presented by guest writers.