The Principle Of Least Privilege Expounded
The meaning of this principle is that a company's data is accessible only to the few identities the company has explicitly authorized. Anyone without that authority cannot reach the data, because the system does not recognize their identity, and their attempts to access it fail. With this in mind, we have to realize that there are certain risks that lead companies and organizations to adopt the principle of least privilege. We are therefore going to expound further on some of the risks that a company is exposed to in connection with the principle of least privilege.
One of the risks involved in the principle of least privilege is dormant identities. When an individual has been granted access to a company's important information or data but has not logged in to review or use the system for a very long time, the account becomes inactive; this is what we mean by the term dormant identity. A person may easily forget about such privileges, especially when they are so busy with the day-to-day operations of the organization that their login to such a system slips their mind. Although the people behind dormant identities are innocent in a way, there are people with malicious agendas who can use these dormant identities to their advantage, accessing the data and information in a company's database and using it for their own personal gain. This kind of risk is very serious and needs to be checked, since it lets other parties access data they are not allowed to see.
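The practical defence against dormant identities is a periodic review that lists accounts nobody has used for a long time, with privileged accounts first. The following is an added example of such a review, not code from the original article: it runs over a small constructed directory export (the usernames, privilege flags and last-login times are hypothetical) and reports every account idle for more than a chosen number of days, treating accounts that have never logged in as dormant as well.

```python
from datetime import datetime, timedelta

# Constructed sample directory export (hypothetical accounts, not from the article):
# username, whether the account holds elevated privileges, and last login in ISO 8601.
# last_login of None means the credentials exist but have never been used.
SAMPLE_ACCOUNTS = [
    {"user": "alice",      "privileged": True,  "last_login": "2024-05-30T09:12:00"},
    {"user": "bob",        "privileged": False, "last_login": "2024-01-04T17:45:00"},
    {"user": "carol",      "privileged": True,  "last_login": "2023-11-20T08:00:00"},
    {"user": "svc-backup", "privileged": True,  "last_login": None},
]

# Fixed "current time" for the sample so the report is reproducible.
SAMPLE_NOW = datetime(2024, 6, 1)


def find_dormant(accounts, now, max_idle_days=90):
    """Return a list of (user, idle_days, privileged) for dormant accounts.

    An account is dormant when its last login is older than max_idle_days
    or when it has never logged in (idle_days is then None). The list is
    ordered so privileged dormant accounts come first, and within each group
    the longest-idle account comes first; never-used accounts sort as the
    longest idle of all.
    """
    cutoff = now - timedelta(days=max_idle_days)
    dormant = []
    for acct in accounts:
        if acct["last_login"] is None:
            dormant.append((acct["user"], None, acct["privileged"]))
            continue
        last = datetime.fromisoformat(acct["last_login"])
        if last < cutoff:
            dormant.append((acct["user"], (now - last).days, acct["privileged"]))
    # Sort key: privileged first (False sorts before True, so negate the flag),
    # then most idle first; None is mapped to a huge value so it leads.
    dormant.sort(key=lambda r: (not r[2], -(r[1] if r[1] is not None else 10**9)))
    return dormant


def dormant_users(accounts, now, max_idle_days=90):
    """Convenience wrapper returning only the usernames, in review order."""
    return [user for user, _, _ in find_dormant(accounts, now, max_idle_days)]


if __name__ == "__main__":
    for user, idle, priv in find_dormant(SAMPLE_ACCOUNTS, SAMPLE_NOW):
        idle_txt = "never logged in" if idle is None else f"idle {idle} days"
        flag = "PRIVILEGED" if priv else "standard"
        print(f"{user:12s} {flag:10s} {idle_txt}")
```

On the constructed data the report lists svc-backup and carol (both privileged) before bob, while alice, who logged in two days before the reference time, is not reported. A real review would feed the output into a disable-or-recertify workflow rather than just printing it.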
Another risk associated with the principle of least privilege is privilege escalation. There are two ways to view privilege escalation: horizontal privilege escalation and vertical privilege escalation. In horizontal privilege escalation, a person who does not have access to many functions in an organization's cloud maneuvers his or her way into the account of an individual who has more abilities and functions within the cloud. Vertical privilege escalation is a situation where a person who has no authority and holds a lower rank within the organization manages to breach the account of a higher-ranked person, uses the privileges of that account, and alters information to their own advantage. Privilege escalation is very dangerous to the operations of the company and therefore needs to be closely monitored.
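Least privilege is enforced at the point where a request is authorized, and that check has to guard against both directions of escalation described above: a peer reaching into another peer's account (horizontal) and a lower rank acting with a higher rank's powers (vertical). The following is an added example of such an authorization check, not code from the original article; the role hierarchy, users and records are hypothetical. Every denial is recorded so that repeated attempts can be monitored.

```python
# Hypothetical role hierarchy: a higher number outranks a lower one.
ROLE_RANK = {"analyst": 1, "manager": 2, "admin": 3}

# Constructed users and records (not from the article).
USERS = {
    "dana": {"role": "analyst"},
    "eli":  {"role": "analyst"},
    "fay":  {"role": "manager"},
}
RECORDS = {
    # min_role is the lowest rank that may touch the record at all
    "report-1": {"owner": "dana", "min_role": "analyst"},
    "payroll":  {"owner": "fay",  "min_role": "manager"},
}

# Denied requests, kept for monitoring: (actor, action, record, reason)
DENIAL_LOG = []


def authorize(actor, action, record_id):
    """Decide whether actor may perform action ('read' or 'edit') on a record.

    Returns (allowed, reason). Rules, applied in order:
      1. unknown actor or record       -> deny
      2. actor outranked by the record  -> deny (vertical escalation guard)
      3. actor owns the record          -> allow
      4. actor is a peer of the owner   -> deny (horizontal escalation guard)
      5. actor outranks the record      -> read only; edit stays with the owner
    """
    user = USERS.get(actor)
    record = RECORDS.get(record_id)
    if user is None or record is None or action not in ("read", "edit"):
        return _deny(actor, action, record_id, "unknown actor, record or action")

    actor_rank = ROLE_RANK[user["role"]]
    record_rank = ROLE_RANK[record["min_role"]]

    if actor_rank < record_rank:
        return _deny(actor, action, record_id, "vertical: rank below record minimum")
    if actor == record["owner"]:
        return True, "owner"
    if actor_rank == record_rank:
        return _deny(actor, action, record_id, "horizontal: not the owner of a peer record")
    # actor outranks the record: supervisory read is fine, editing is not
    if action == "read":
        return True, "supervisor read-only"
    return _deny(actor, action, record_id, "edit reserved for owner")


def _deny(actor, action, record_id, reason):
    DENIAL_LOG.append((actor, action, record_id, reason))
    return False, reason


def denials_for(actor):
    """Number of denied requests recorded for an actor; useful as an alert input."""
    return sum(1 for a, _, _, _ in DENIAL_LOG if a == actor)


if __name__ == "__main__":
    for actor, action, rec in [("dana", "read", "report-1"), ("eli", "read", "report-1"),
                               ("dana", "read", "payroll"), ("fay", "read", "report-1"),
                               ("fay", "edit", "report-1")]:
        print(actor, action, rec, "->", authorize(actor, action, rec))
```

Note that the decision is made on the record's required rank and owner, never on anything the caller supplies about itself, so a request that arrives with another user's identifier is judged against that identifier's own role. Counting denials per actor gives the monitoring hook the text calls for: several "horizontal" or "vertical" denials in a short window from one actor is the kind of signal worth alerting on.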