Least privilege is widely understood, less widely used
Least privilege management (LPM) is widely considered an effective means of combating the security breaches that result from employee error, malfeasance or other human frailties. The problem, reports Taylor Armerding at CSO magazine, is that the technology is actually used much less widely than it is understood.
With LPM, users have access to applications only if they need them. Although this simple control approach has been understood for decades, it doesn't seem to be used very effectively, according to the "2012 Data Breach Investigations Report" by Verizon (NYSE: VZ). A full 97 percent of the breaches reviewed by Verizon could have been avoided with a "simple or intermediate" control like LPM.
Not everyone is as confident in LPM, however. Employees who really want to get access to an application can find a way around least privilege, notes Danny Lieberman, CTO of Software Associates.
Part of the challenge in deploying LPM successfully is that it can be difficult to determine who should be given access to which applications. Flexible job descriptions can lead to the granting of greater privileges than necessary.
- see Taylor Armerding's article at CSO