Least Privilege
Definition
The Principle of Least Privilege is a security concept ensuring users and systems have only the minimum access necessary for their tasks, reducing risk.
Use Cases
- Netflix: Secure access to microservices. Netflix uses IAM policies to ensure that each microservice has only the permissions it needs to perform its function, minimizing potential security risks. The result is an enhanced security posture and reduced risk of unauthorized access, contributing to a more secure and resilient infrastructure.
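One way to check a per-service policy against what the service actually uses is sketched below. This is an added example, not code from the original page or from Netflix; the policy, bucket name, service and observed-action set are constructed samples, and the `audit` helper is hypothetical.

```python
import fnmatch

# Constructed sample: identity policy attached to a hypothetical "thumbnailer" service.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-media-bucket/*"},
        {"Effect": "Allow", "Action": "sqs:*", "Resource": "*"},
    ],
}
# Constructed sample: actions the service was actually observed calling.
OBSERVED = {"s3:GetObject", "s3:PutObject", "sqs:ReceiveMessage", "sqs:DeleteMessage"}

def _as_list(value):
    # IAM allows a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def audit(policy, observed):
    """Return (findings, tightened_policy); only Allow/Action statements are analysed."""
    findings, tightened = [], []
    seen = {a.lower() for a in observed}  # IAM action names are case-insensitive
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            tightened.append(stmt)  # Deny and NotAction statements are passed through
            continue
        patterns = _as_list(stmt["Action"])
        for p in patterns:
            if "*" in p or "?" in p:
                findings.append((i, "wildcard-action", p))
            elif p.lower() not in seen:
                findings.append((i, "unused-action", p))
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append((i, "wildcard-resource", "*"))
        # Keep only the observed actions this statement's patterns cover.
        used = sorted(a for a in observed
                      if any(fnmatch.fnmatchcase(a.lower(), p.lower()) for p in patterns))
        if used:
            # Resource is left as written: scoping it needs knowledge of the real ARNs.
            tightened.append({**stmt, "Action": used})
    return findings, {**policy, "Statement": tightened}

if __name__ == "__main__":
    for finding in audit(POLICY, OBSERVED)[0]:
        print(finding)
```

The observed set is only as good as the window it was collected over, so rarely used actions (for example, a monthly cleanup job) need to be inside that window before the tightened policy is applied.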
Provider Equivalents
- AWS: IAM (Identity and Access Management)
- Azure: Azure Active Directory
- GCP: Cloud IAM
- OCI: OCI Identity and Access Management
Frequently Asked Questions
- What's the difference between Least Privilege and Role-Based Access Control (RBAC)?
- Least Privilege focuses on granting the minimum permissions necessary, while RBAC assigns permissions based on roles. Least Privilege can be implemented within RBAC by ensuring roles have minimal permissions.
- When should I use Least Privilege?
- Use Least Privilege whenever you configure access controls to minimize security risks by ensuring users and systems have only the permissions they need to perform their tasks.
- How much does Least Privilege cost?
- Implementing Least Privilege itself doesn't have a direct cost, but it may require time and resources to configure and maintain. The cost is often offset by the increased security and reduced risk of breaches.
Category: security
Difficulty: intermediate