The principle of least privilege consists of limiting each user's or system's access to network resources and data to what is strictly necessary for it to perform its duties. Less commonly, the concept is also referred to as the principle of minimal privilege or the principle of least authority. As a foundation of Zero Trust Architecture (ZTA), least privilege shares its premise that users and systems should be trusted as little as possible, to limit the potential for abuse. If a process or user account is given more permissions than it needs to perform its tasks, an attacker who compromises it can use the surplus to perform hostile actions. For instance, if an HR application is granted wider privileges than it needs, it may be used to maliciously delete, add or modify employee data.
The principle was formulated in the 1970s by computer scientist Jerome Saltzer, and the industry quickly adopted it, in particular in operating system and processor designs, where protection rings enforce it by separating kernel privileges from user-mode code.
Least privilege is particularly important in countering complex cyber-attacks, which often rely on privilege escalation: obtaining more access to a system than the user should normally have, by exploiting vulnerabilities in the operating system or in network management. Least privilege also helps protect against insider threats by limiting the amount of data a legitimate user can access, which in turn limits the damage a disgruntled or compromised employee can inflict on the company.
Implementing least privilege in contemporary organisations is harder. This is due to the mass adoption of software, hardware and services that act as an intermediary layer, such as Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) offerings, and of cloud infrastructures such as Amazon Web Services and Microsoft Azure; together these make up cloud computing. Given the complexity of these platforms, organisations sometimes grant new users read-only but otherwise unrestricted permissions (so-called basic roles), which allow a malicious or compromised account to map the organisation's network or even copy and steal troves of data. To be implemented effectively, least privilege requires significant configuration effort to build a genuinely granular access control system, and this is easier said than done. In August 2021, security researchers found that part of Microsoft's Azure servers had been misconfigured for two years, allowing unauthorised users to access data stored on them.
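As an added example (not code from the original article), the following Python script shows what the "read-only but otherwise unrestricted" grant described above looks like as an AWS IAM policy document, next to a version of the same permission scoped to one bucket prefix, and lints both for grants wider than least privilege. Both policies are constructed for illustration: the Sids, bucket names and ARNs are invented. The evaluator deliberately ignores Deny statements, Conditions and NotAction, so it is a teaching aid rather than a substitute for the IAM policy simulator.

```python
import fnmatch

# Constructed IAM policy documents for illustration; not from any real account.
# The first is the "basic role" pattern: read-only, but on every resource.
BROAD_READONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadEverything",
        "Effect": "Allow",
        "Action": ["s3:Get*", "s3:List*", "ec2:Describe*", "iam:Get*", "iam:List*"],
        "Resource": "*",
    }],
}

# The same job (read this year's HR reports) expressed as least privilege.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadHrReports",
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::hr-reports/2024/*",
        },
        {
            "Sid": "ListHrReportsBucket",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": "arn:aws:s3:::hr-reports",
        },
    ],
}

# Read-only actions that let a compromised principal enumerate ("map") the
# account: identities and their policies, network layout, every bucket name.
RECON_ACTIONS = ("iam:Get*", "iam:List*", "ec2:Describe*", "s3:ListAllMyBuckets")


def _as_list(value):
    """IAM accepts a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    """IAM-style glob match. Action names are case-insensitive, so compare lowered."""
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def allows(policy, action, resource):
    """Simplified evaluator: True if any Allow statement matches both the action
    and the resource. Deny, Condition and NotAction are ignored on purpose."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(_matches(a, action) for a in _as_list(stmt.get("Action")))
        resource_ok = any(_matches(r, resource) for r in _as_list(stmt.get("Resource")))
        if action_ok and resource_ok:
            return True
    return False


def lint(policy):
    """Return (sid, kind, detail) findings for grants wider than least privilege."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append((sid, "wildcard_action", action))
            elif "*" in action:
                findings.append((sid, "action_glob", action))
            # Flag in both directions: the grant may cover a recon action
            # (s3:List* covers s3:ListAllMyBuckets) or a recon pattern may
            # cover the grant (iam:Get* covers iam:GetUser).
            if any(_matches(p, action) or _matches(action, p) for p in RECON_ACTIONS):
                findings.append((sid, "recon_action", action))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((sid, "wildcard_resource", resource))
    return findings


if __name__ == "__main__":
    # Constructed ARN of a bucket the HR role has no business reading.
    stolen = "arn:aws:s3:::payroll-backups/dump.sql"
    for name, policy in (("broad", BROAD_READONLY_POLICY), ("scoped", SCOPED_POLICY)):
        print(f"{name}: can read payroll backup? {allows(policy, 's3:GetObject', stolen)}")
        for sid, kind, detail in lint(policy):
            print(f"  [{sid}] {kind}: {detail}")
```

The broad policy cannot write anything, yet it lets the principal read every object in every bucket and enumerate users, roles and instances, which is exactly the mapping-and-exfiltration risk the paragraph above describes; the scoped policy answers the same business need and yields no findings. Treat `wildcard_resource` findings as items to review rather than automatic failures, since a few actions (for example `s3:ListAllMyBuckets` and the `ec2:Describe*` family) do not support resource-level permissions and only work with `"Resource": "*"`.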