
Cyber Basics: Least Privilege & Division of Duties

Imagine you are going on vacation, and you ask your friend to look after your dog while you’re away. To do this your friend would, of course, need your house key before you left for your trip. Now what if, instead of caring for your pet, all you needed him to do was to check your mailbox? There would be no need to hand over your house key now, since all he’s supposed to be doing is grabbing your mail. Your thinking on this is simple. Yes, you place an enormous amount of trust in your friend, but there is still a chance he might accidentally leave the door unlocked and let in a thief, or break something while being careless. Why put yourself in such a position when it isn’t necessary? This line of thinking is a key concept in cybersecurity: the principle of least privilege.

Least privilege is an essential practice in cybersecurity that secures networks in exactly the manner described in the above scenario. It refers to placing limits on an individual user’s authorizations such that each person is only given privileges necessary to carry out his or her job. For instance, Liz in accounting may be allowed to access and alter the company’s payroll database, but would be locked out of the servers used by the research and development team. By limiting the range of access and capabilities of individual user accounts, organizations strengthen their networks’ security by limiting any potential malicious or accidental damage caused by their employees.

Limiting privileges is not just about mitigating risk; it is also a practical defensive measure in the event of a security breach. By walling off different sections of a network to certain employees, companies can stop limited malware infections – like a single compromised laptop – from metastasizing into network-wide contagions.

For companies that do utilize least privilege principles, it is important to carry out periodic reviews, not only to ensure every user has the authorizations they need but, more importantly, to take unnecessary privileges away from those whose roles have changed. This prevents privilege creep, the gradual accumulation of access privileges over time. As an employee’s role in the company evolves, through lateral transfers or promotions, that person is sometimes given more and more privileges while retaining the credentials from his or her former positions. Since privilege creep essentially undoes the work of least privilege implementation, it should be avoided when possible.

Until now, the focus of this piece has been on limiting the possible damage that could be doled out by individual employees in an organization. But what about the danger posed by those charged with the security of the network? If the IT team is in charge of monitoring all users’ privileges, then who watches the watchers?

That’s where the concept of division of duties comes in. It acts to make sure no individual network administrator has too much power in any situation. Division of duties calls for the sharing of responsibilities of key processes among several different administrators. It is an essential security protocol in information technology and a rather easy process to carry out, at least within large companies.

Take the creation of a database server for example. Step one would entail having the server administrator actually build and configure the server, setting up its hardware and software. Ideally, the remaining steps would be carried out by two other people. Once built, the server would need someone to set it up and maintain it day to day, and another to manage the issuing of user accounts, passwords, and their access to the server. Dividing this task among three different workers keeps any one person from having too much responsibility, which limits the opportunity for abuse of power.
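The periodic access review described earlier (catching privilege creep) and the three-person database-server split above can both be checked mechanically. The following is an added example, not code from the original article; the role names, permissions, sample users and the conflict policy are all constructed for illustration.

```python
# Access review for least privilege: flag privilege creep and
# division-of-duties conflicts. Constructed example; roles, permissions,
# users and the conflict policy are invented to illustrate the article.
from dataclasses import dataclass

# Permissions each job role actually needs (constructed RBAC model).
ROLE_PERMISSIONS = {
    "accounting":    {"payroll_db:read", "payroll_db:write"},
    "rnd_engineer":  {"rnd_server:login", "rnd_repo:write"},
    "server_admin":  {"db_server:build", "db_server:configure"},
    "db_operator":   {"db_server:maintain"},
    "account_admin": {"db_server:manage_accounts"},
}

# Role pairs one person must never hold together: the database-server
# example splits these three jobs across three people.
CONFLICTING_ROLES = {
    frozenset({"server_admin", "db_operator"}),
    frozenset({"server_admin", "account_admin"}),
    frozenset({"db_operator", "account_admin"}),
}

@dataclass
class User:
    name: str
    current_role: str  # the job the person holds today
    roles: set         # every role still attached to the account

def review_user(user: User) -> dict:
    """Compare what the account can do with what the current job needs."""
    required = ROLE_PERMISSIONS[user.current_role]
    effective = set().union(*(ROLE_PERMISSIONS[r] for r in user.roles))
    return {
        "excess": sorted(effective - required),     # privilege creep: revoke
        "missing": sorted(required - effective),    # job needs, account lacks
        "sod_conflicts": sorted(tuple(sorted(p)) for p in CONFLICTING_ROLES
                                if p <= user.roles),  # division of duties
    }

# Constructed sample accounts: Raj moved from accounting to R&D but kept
# his old role; Dana accumulated all three database-server roles.
SAMPLE_USERS = [
    User("Liz", "accounting", {"accounting"}),
    User("Raj", "rnd_engineer", {"accounting", "rnd_engineer"}),
    User("Dana", "account_admin", {"server_admin", "db_operator", "account_admin"}),
]

def review_all(users=SAMPLE_USERS) -> dict:
    findings = {u.name: review_user(u) for u in users}
    return {n: f for n, f in findings.items() if any(f.values())}
```

Running `review_all()` reports only Raj (stale accounting rights to revoke) and Dana (three conflicting roles); Liz's account matches her job exactly and is not listed.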

Least privilege and division of duties are both essential practices in cybersecurity for any and every organization striving for proper cyber hygiene. Correct implementation and practice of these two security protocols will protect organizations from countless threats across the spectrum of cyberattacks.