A security principle that grants non-human identities the minimum level of access necessary to perform their designated functions.
Description
The principle of Least Privilege is a foundational concept in cybersecurity, particularly in the context of Non-Human Identity Management (NHIM), where the identities in question are service accounts, applications, and automated processes. This principle dictates that non-human identities should be given only the permissions necessary to execute their specific tasks and no more. This minimizes the potential attack surface and limits the impact of compromised accounts or systems. For instance, if an automated service is only required to read data from a database, it should not be granted write or delete permissions. By adhering to the Least Privilege principle, organizations can enhance their security posture by preventing unauthorized access and reducing the risk of data breaches. This approach also facilitates better compliance with regulatory requirements and helps in maintaining a more controlled and auditable access environment. Regular reviews of permissions and proper identity governance practices are essential to ensure that the principle of Least Privilege is effectively implemented and maintained.
Examples
- A cloud service account with access only to specific storage buckets needed for its function.
- An API key that can only read from a database but cannot modify or delete records.
Additional Information
- Implementing Least Privilege can reduce the attack surface of applications and services.
- Regular audits and reviews are necessary to ensure compliance with the Least Privilege principle.
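The permission review described above can be sketched as a comparison of granted access against observed access. This is an added example, not code from the original page; the identity names, the action strings, the grant format and the log entries are all constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data: permissions granted to each non-human identity,
# as (action, resource pattern) pairs. All names are hypothetical.
GRANTS = {
    "svc-report-reader": [("db:read", "orders"), ("db:write", "orders"),
                          ("db:delete", "orders")],
    "svc-backup": [("storage:write", "backups/*"), ("storage:read", "*")],
}

# Constructed access log for the review window: (identity, action, resource).
ACCESS_LOG = [
    ("svc-report-reader", "db:read", "orders"),
    ("svc-report-reader", "db:read", "orders"),
    ("svc-backup", "storage:write", "backups/2024-05-01.tar"),
    ("svc-backup", "storage:write", "backups/2024-05-02.tar"),
]


def review(grants, access_log):
    """Compare what each identity is allowed to do with what it actually did."""
    report = {}
    for identity, granted in grants.items():
        events = {(a, r) for i, a, r in access_log if i == identity}
        unused, narrow = [], {}
        for action, pattern in granted:
            hits = sorted(r for a, r in events
                          if a == action and fnmatchcase(r, pattern))
            if not hits:
                # Never exercised in the window: candidate for revocation.
                unused.append((action, pattern))
            elif "*" in pattern:
                # Wildcard grant in use: list the resources actually touched
                # so the reviewer can scope the grant down.
                narrow[(action, pattern)] = hits
        report[identity] = {"unused": unused, "narrow": narrow}
    return report


if __name__ == "__main__":
    for identity, findings in review(GRANTS, ACCESS_LOG).items():
        print(identity, findings)
```

A grant reported as unused is only a candidate for removal: the review window has to be long enough to include infrequent jobs such as monthly or quarterly runs.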