Principle of Least Privilege

Secure organizations often share information on a "need to know" basis, and this model can be applied to technical systems too.

The "principle of least privilege" states that every user or process in a system should operate with the least privilege necessary to do its job. If a component is then compromised, or an individual goes rogue, the damage they can do is bounded by that limited set of privileges.

Applying the principle to technology stacks means:

  • Running web-server processes as non-root users, and restricting which directories on disk they can access and what they can do there.
  • Opening firewall ports only when necessary, and closing them again when the need goes away.
  • Limiting access to databases, and requiring each process that connects to a database to use its own named account with only the permissions it needs, rather than a shared administrative login.
  • Provisioning services only when necessary, through a defined process, rather than making them accessible in an ad-hoc manner.
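The first bullet is where the principle most often slips in practice: a web application gets started as root "for now" so it can bind port 80, and nobody comes back to fix it. The script below is an added example, not code from the original page. It audits a systemd service unit for a dedicated service account and a restricted view of the filesystem, using directives documented in systemd.exec(5), and shows a weak unit beside a hardened one. The unit texts, the `webapp` binary, the `webapp` account and the `/var/lib/webapp` data directory are all constructed for illustration.

```python
"""
Audit a systemd service unit for least-privilege settings.

Added example, not code from the original page. The directives checked are
documented in systemd.exec(5); the two unit files at the bottom are
constructed samples and the webapp binary, account and paths are assumed.
"""

import re

SECTION_RE = re.compile(r"^\[(.+)\]$")
TRUE_VALUES = ("yes", "true", "1", "on")


def parse_unit(text):
    """Parse unit text into {section: {key: [values]}}.

    Units are INI-like, but list settings may repeat (values accumulate) and
    an empty assignment such as ``CapabilityBoundingSet=`` is meaningful (it
    resets the setting to nothing), so configparser is deliberately not used.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        match = SECTION_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1), {})
            continue
        if current is None or "=" not in line:
            continue  # stray line outside any section, or not key=value
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if value == "":
            current[key] = [""]  # empty assignment: reset, but keep the key
        else:
            current.setdefault(key, []).append(value)
    return sections


def _last(service, key, default=None):
    """Value of the final assignment of a single-valued setting (last wins)."""
    values = service.get(key)
    return values[-1] if values else default


def audit_service(text):
    """Return a list of least-privilege findings; an empty list means the unit passes."""
    service = parse_unit(text).get("Service", {})
    findings = []
    # systemd runs a service as root unless User= names another account.
    if _last(service, "User", "root") in ("root", ""):
        findings.append("runs as root: set User= to a dedicated account")
    if _last(service, "NoNewPrivileges", "no").lower() not in TRUE_VALUES:
        findings.append("NoNewPrivileges= not set: setuid binaries could regain privilege")
    # ProtectSystem=yes only covers /usr and /boot; full adds /etc, strict makes
    # the whole tree read-only except /dev, /proc and /sys.
    if _last(service, "ProtectSystem", "no") not in ("full", "strict"):
        findings.append("ProtectSystem= not full/strict: system directories are writable")
    if _last(service, "ProtectHome", "no") not in ("yes", "read-only", "tmpfs"):
        findings.append("ProtectHome= not set: user home directories are visible")
    if _last(service, "PrivateTmp", "no").lower() not in TRUE_VALUES:
        findings.append("PrivateTmp= not set: /tmp is shared with other services")
    if "CapabilityBoundingSet" not in service:
        findings.append("CapabilityBoundingSet= not restricted: full capability set available")
    return findings


# Constructed sample: a typical first attempt, running as root with the whole
# filesystem writable so that it can bind port 80.
WEAK_UNIT = """\
[Unit]
Description=Example web application (weak)

[Service]
ExecStart=/usr/local/bin/webapp --port 80
Restart=on-failure
"""

# Constructed sample: the same application under a dedicated account, with a
# read-only view of the system and write access to one data directory only.
HARDENED_UNIT = """\
[Unit]
Description=Example web application (hardened)

[Service]
User=webapp
Group=webapp
ExecStart=/usr/local/bin/webapp --port 8080
Restart=on-failure
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ReadWritePaths=/var/lib/webapp
CapabilityBoundingSet=
"""

if __name__ == "__main__":
    for name, unit in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        findings = audit_service(unit)
        print(f"{name}: {'OK' if not findings else ''}")
        for finding in findings:
            print("  -", finding)
```

Run against the two samples, the weak unit produces six findings and the hardened one none. `ReadWritePaths=` is what makes `ProtectSystem=strict` workable: it names the single directory the process may write, which is the "what they can do there" half of the bullet. If the hardened service genuinely needs port 80, grant `CAP_NET_BIND_SERVICE` through `CapabilityBoundingSet=` and `AmbientCapabilities=` rather than falling back to root; the empty `CapabilityBoundingSet=` in the sample is the right default for a service that binds an unprivileged port.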

The principle can be applied to personnel too. You should:

  • Restrict access to production systems -- ensure that access is only available under individually named accounts (no shared logins) and for limited windows of time.
  • Have clearly defined roles and release processes, so access can be restricted in a meaningful way.
  • Ensure that data used in test systems is scrubbed of any sensitive information.
  • Ensure that credentials for your key systems are known only to those who require them for their job function, and that these credentials are rotated frequently.