Least Privilege

By Jim Zierick  |  Posted 2011-01-06

Least privilege

Unfortunately, you can't ever completely eliminate the chance that someone will leak documents to WikiLeaks. For any organization to function, it needs individuals who can access information. There will always be a chance that any given individual will decide to make that information available to more people than they should.

All we can do is drastically reduce the odds. Even while the government tries to stop WikiLeaks, it offers WikiLeaks a green field of opportunity through excessive internal access. The more people with access to any particular piece of information, the more likely that data will reach the public eye.

"Least privilege" is the best practice of cutting excessive access rights by giving staff members only the privileges they need to do their jobs and not an inch more or less. The lack of granularity in policy here often gives staff access to several times the amount of data they really need. Say you reduce the average employee's access rights by 80 percent. Theoretically, you've reduced the volume of information that can be leaked to WikiLeaks by an approximately equal proportion, because employees can only leak the information to which they have access.

Only the companies that perform the worst at protecting their secrets will gain the spotlight of the next mega leak, because the site only does major leaks on companies where it has compiled enough sources and information. An 80 percent reduction in information leaked to WikiLeaks is really almost a guaranteed safeguard, since a major leak won't occur on the basis of scraps of information.

What the IT security team will need to work out is how to make drastic cuts in access to prevent leaks to WikiLeaks without blocking employees from the information they need to be productive. That will require implementing more detailed policies.
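One way to find where those cuts can be made, shown here as an added example that is not part of the original article: compare what each employee is granted with what they actually used during a review window. The user names, resource paths and log entries are constructed sample data, and treating a grant that went unused in the window as a revocation candidate is an assumption of this sketch.

```python
from collections import defaultdict

# Constructed sample: resources each user is granted, as an access-control export might list them.
GRANTS = {
    "alice": {"hr/payroll", "hr/reviews", "eng/design", "legal/contracts", "finance/forecast"},
    "bob": {"eng/design", "eng/source", "hr/payroll", "legal/contracts", "finance/forecast"},
}

# Constructed sample: (user, resource) reads recorded during the review window.
ACCESS_LOG = [
    ("alice", "hr/payroll"),
    ("alice", "hr/payroll"),
    ("bob", "eng/source"),
    ("bob", "eng/design"),
    ("bob", "sales/pipeline"),  # used but absent from GRANTS: an access path the export missed
]

def review_access(grants, access_log):
    """Split each user's grants into those exercised in the log and those never used."""
    used = defaultdict(set)
    for user, resource in access_log:
        used[user].add(resource)
    report = {}
    for user, granted in grants.items():
        revoke = granted - used[user]  # candidates only: confirm with the data owner first
        report[user] = {
            "keep": sorted(granted & used[user]),
            "revoke": sorted(revoke),
            "ungranted_use": sorted(used[user] - granted),
            "reduction_pct": round(100 * len(revoke) / len(granted)) if granted else 0,
        }
    return report

def overall_reduction_pct(grants, report):
    """Share of all grants that the review marks as revocation candidates."""
    total = sum(len(g) for g in grants.values())
    revoked = sum(len(r["revoke"]) for r in report.values())
    return round(100 * revoked / total) if total else 0

if __name__ == "__main__":
    result = review_access(GRANTS, ACCESS_LOG)
    for user, row in result.items():
        print(user, row)
    print("overall reduction:", overall_reduction_pct(GRANTS, result), "percent")
```

A grant that shows no use in one window may still be needed for quarterly or annual work, so the window length and an owner sign-off decide how much of the "revoke" list is actually cut.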

Jim Zierick is Executive Vice President of Product Operations at BeyondTrust. Jim is responsible for the development, methodology and process of one of BeyondTrust's solution suites. Jim also leads global initiatives to drive growth and technical thought leadership. Prior to joining BeyondTrust, Jim served as a serial CEO at Nirvanix, LogicalApps and Aspyra. Jim has also held senior positions at Oracle, Peregrine Systems and Hewlett-Packard. He can be reached at jzierick@beyondtrust.com.
