{"id":61246,"date":"2022-03-29T15:00:00","date_gmt":"2022-03-29T19:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=61246"},"modified":"2022-11-17T17:43:40","modified_gmt":"2022-11-17T22:43:40","slug":"what-is-least-privilege","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/what-is-least-privilege","title":{"rendered":"What Is Least Privilege and Why Do You Need It?"},"content":{"rendered":"\n

If you were going on vacation and hiring someone to watch your house, would you leave them your spare key? Or would you give them your full set of house and car keys, several credit cards, and your social security card?

The answer should be obvious. Of course you wouldn’t give a stranger keys to your whole kingdom. In fact, especially savvy clients may spend time figuring out the very least access they could give a house sitter without interfering with their job.

The idea of giving employees the lowest-possible access to do their jobs is called the principle of least privilege (PoLP), and it’s just as important in business environments as it is in your own home. PoLP is an essential component of privileged access management (PAM). In this article, you’ll learn what least privilege is and why it needs to be a part of your organization’s security strategy.

Definition of Least Privilege

To get started, let’s get a clear idea of what PoLP entails. Least privilege is the concept of giving users the least possible access to company resources like servers, applications, and devices, without interfering with their job. It’s a balance between maintaining the highest standards of security and not compromising productivity.

Least privilege is also an integral part of a holistic privileged access management (PAM) security strategy. PAM is the overall framework of how your company manages and secures privileged accounts and devices (that is, accounts with more than average clearance or access). It’s made up of two main principles: least privilege and privileged access.

It’s important to note that while least privilege is most commonly used in the context of user accounts, it’s not exclusive to managing employee identities. PoLP can — and should — also be used to manage networks and devices.

Privileged vs. Non-Privileged Accounts

While least privilege in the context of PAM is about managing privileged accounts, the term itself is not superuser-exclusive. Every employee, regardless of account type, should be given the minimum necessary access to company resources. But what that access looks like will differ depending on account type.

Privileged accounts (sometimes called superuser accounts) have access above and beyond the standard user options.

Think administrator overrides, the ability to access sensitive or classified company information, or the ability to remotely push updates to multiple user devices. These accounts may belong to executive leadership or IT teams.

Non-privileged accounts (sometimes called standard accounts) have only basic access to the servers and applications necessary to do their job.

While a non-privileged user in marketing may have fuller access to Adobe Creative Suites than an accountant, neither of them can use administrative overrides in their applications. This is the “typical” employee account, and in a normal organization, 85-90% of all accounts should be non-privileged.

Note that though privileged and non-privileged accounts are different, the principles of least privilege should be applied to all user accounts in your organization, not just privileged ones.

Least Privilege Examples

Using our example of the house sitter from the intro, let’s take a closer look at least privilege in action. Say that all your house sitter needs to do every day is water your plants. Normal privilege may be giving them a garage door opener or keys to your house. But least privilege challenges you to be even more secure.

Instead of giving the sitter whole-house keys, what if you only gave them a key to the greenhouse in your backyard, and before going out of town you moved all your houseplants into the greenhouse? This gives them access to do what you’re paying them for, but no more.

Now, let’s apply PoLP to businesses. Check out the three examples below.