Relics of the Past: Why the Principle of Least Privilege Needs a Modern Rethink

By Brad Mandell, November 14, 2016

IT might live at the bleeding edge of innovation, but one of the fundamentals of modern IT security is still rooted in the early 1970s: the Principle of Least Privilege. When it was first introduced, the idea was that, to prevent breaches, every user should be given the minimal level of access to their organization’s IT infrastructure necessary to do their jobs. No more, no less. And, in theory, it made sense – limit the number of people who can reach your most sensitive data, and you limit your exposure to a breach.

But the Principle of Least Privilege was born at a time when the first floppy disks and microprocessors were barely off the assembly line. IT today is a far different universe, and the original interpretation of Least Privilege brings problems for today’s enterprises.

For one, it is based on a fundamental mistrust of your employees; it paints each of the people working with you as a potential security risk. Least Privilege also raises barriers at a time when the enterprise is seeking greater flexibility in development. It can be difficult to react, pivot and scale when a team’s security privileges are based on the bare minimum required to do their job at any given point in time.

But what if the central pillar of the Principle of Least Privilege – minimizing your exposure to a breach by reducing your access footprint – was turned around to face the outside world, rather than cast internally?

It’s possible. The enterprise can close off its most sensitive workloads from the outside world, while maintaining free and open access internally, by turning away from the public internet and moving to an interconnection model. Moving cloud, SaaS platform and vendor connections from the public internet to an on-demand, private and secure network of direct connections can instantly cast the Principle of Least Privilege onto any would-be attacker – rather than your own employees – and still minimize the exposure to a breach.

Like many legacy components of enterprise IT, the Principle of Least Privilege has its uses, but it needs to be adapted if it is to be fit for purpose in today’s security landscape. Interconnections can enable this paradigm shift, allowing enterprises to secure their infrastructure from the possibilities of attack or service disruption, without restricting their teams to the bare minimum of their functionalities.

Console is an interconnection platform building digital ecosystems between enterprises and business-critical partners – including SaaS, cloud service, data center and network service providers – who can directly connect at the click of a button. Our digital ecosystem of interconnections spans more than 170 POPs in 20 countries around the world.

About Brad Mandell

Brad is responsible for driving worldwide revenue at Console, as well as developing marketing plans to enhance Console’s positioning and branding in the marketplace. He is a proven senior sales executive with broad experiences in both running large-scale organizations and publicly traded companies, and driving shareholder value with early-stage and mid-sized companies. He has grown several WW field groups from inception to broad WW coverage models, and has a deep understanding of both the science and art of sales leadership.