Least Privilege
What is “least privilege” and why is it important?
I would define least privilege as ensuring that all users, services, and accounts are running with the bare minimum of rights and access needed in order to function. If a particular right is not needed in order to perform a particular function, then you will not be assigned that right.
For example, let’s say you have a safe deposit box at your local bank. You have a key to it, and that key will only unlock on your box. This bank is following the principle of least privilege: you only have access to exactly what you need (in this case, your box). If the bank were NOT following the principle of least privilege, they might have given you a master key, instead. This key can give you access to any box, and they are just trusting that you will only attempt to access what you need (your box).
This is why least privilege is so important. Without it, the user/service/account has more permissions than they need, and they are just simply being trusted not to misuse them. Least privilege ensures that misuse isn’t even a possibility. Seeing as they only have the key to their box, as opposed to the master key, they are extremely limited in the damage they can do (either malicious or accidental) and yet they are still able to access everything they need without problem.
Implementing least privilege can take a lot of work, and that time and effort is probably why many organizations do not have it perfected. It is simply easier to just assign a new user with a broad swath of permissions that you know will work for him/her than to sit down and try to iron out exactly what they do and do not need access to.
In our example, it would be so much easier for the bank to just hand out master keys to everyone; they all get access to what they need, and the bank doesn’t need to spend the time making individual keys for each individual box and somehow keeping track of them all. Laziness is a common reason for not following the principle of least privilege.