The Principle of Least Privilege (POLP) is an information security best practice and a fundamental tenet of a zero trust security strategy. Under the POLP, a user, application, device, or other entity should only be granted the access and permissions required to perform their job role. By minimizing permissions, an organization limits the harm that can be done by a compromised account or an insider threat.
The POLP states that accounts, applications, and devices should only be granted the access and permissions required to do their job. This works by identifying these requirements based on business needs and a user’s, device’s, or application’s purpose within the enterprise.
For example, most employees do not need administrative access to their own computers to fulfill their roles, so POLP states that they should not have it. Similarly, finance personnel do not need access to HR records or IT systems, so they should not be granted it.
POLP also applies to limiting access to elevated permissions to tasks that require them. For example, an IT administrator may require privileged access to perform some of their job duties. However, they should use a non-privileged account for day-to-day tasks and only use their privileged account when it is necessary for a given task.
According to the 2021 Verizon Data Breach Investigations Report (DBIR), approximately 70% of data breaches involved privilege abuse. This means that an account with legitimate access to corporate resources was used to access and exfiltrate sensitive data. This may be due to a compromised account, negligence by the account owner, or an insider threat.
POLP helps to limit the risk of privilege abuse by limiting the privileges granted to a user, application, etc. If an account only has the permissions required to perform its role, then its ability to abuse those privileges is limited. While an account or application with legitimate access to the customer database may still access that database and steal the records within, this is a much smaller risk than if every user and application in the enterprise could potentially be used to do so.
POLP limits access to an organization’s sensitive data and valuable IT resources. By doing so, it can provide several benefits to the organization, such as:
POLP can be implemented via the following steps:
Effectively implementing zero trust and POLP requires tools that can support its access controls. For example, virtual private networks (VPNs) are not ideally suited to zero-trust or POLP because they are designed to provide legitimate users with unrestricted remote access to corporate networks.
Check Point’s Harmony Connect provides POLP-compatible secure remote access via zero trust network access (ZTNA) as part of its SASE solution. Learn more about implementing zero trust remote access in your organization. You’re also welcome to sign up for a free demo of Harmony Connect to learn about deploying POLP for your distributed workforce.