Least privileged users or LPU’s are accounts with very low access and most commonly used for low tenure employees and employees with lower levels of authority. However, PoLP eliminates this issue by only giving limited access to individuals. If someone outside the organization gets access to a higher level log-in, they could potentially access the data within the system. Least Privilege also protects the data from external attacks. Many companies have plenty of safeguards in place for external cyberattacks, but what about internal threats? In many ways it makes sense for a high-level individual to have access to all of the levels below, but in others, lower level information might not directly affect higher level employees, so limited access would be valuable from a security perspective. This was the voluntary release of data, however it shed light on the importance of restricted access for even internal uses for data security purposes.
Had Booz Allen Hamilton utilized the principle of least privilege, Snowden would not have had access to all of this information. Snowden infamously worked on a contract for the CIA and NSA and released thousands of classified documents regarding the United States unconstitutionally accessing data from it’s citizens and high profile individuals around the world. Snowden worked in IT consulting for Booz Allen. The year is 2013, the name Edward Snowden is plastered across newspapers, news broadcasting, and has the internet buzzing. This article will give context to to the concept as well as some real world examples of the importance of Least Privilege. It is comparable to the “minimum necessary “requirement” in sharing PHI with HIPAA in that the less the better as laid out by the HHS. The principle of the least privilege is the idea of giving the least amount of access necessary to an individual to complete their job. You may be reading this just getting to the textbook definition of Least Privilege and if that’s the case, it’s pretty straight forward. Jackson, but we’ll do our best to keep things interesting. No, this isn’t an article about a critically acclaimed tale of hitmen and mobsters, in fact something far more interesting: the Information Technology Principle of Least Privilege! Alright, I concede that this article may not be as exciting as friendly banter amongst John Travolta and Samuel L.
Principle of Least Privilege: No Fiction Here
0 kommentar(er)
