Login Book a demo
back icon

Glossary

What is the principle of least privilege. Why is it important?

The Least Privilege Principle declares that a subject should have access to the minimum privilege required to complete a specific task. If no access right is needed, the subject won’t have it. Moreover, the functional management of the subject will control the assignment of rights. 

Also known as the Principle of Minimal Privilege or the Principle of Least Authority, the Principle of Least Privilege (PoLP) is a fundamental concept in computer security and access control. It states that a user or process should only be given the minimum privileges necessary to perform their intended tasks and nothing more.

The principle is based on the idea that granting excessive privileges increases the potential for unauthorized access, misuse, and unintended actions. By adhering to the Principle of Least Privilege, organizations can limit the damage caused by malicious activities, accidental errors, or software vulnerabilities.

One of the key aspects of the Principle of Least Privilege is granting the minimum necessary access. This involves carefully assessing the requirements of each user or process and determining the precise permissions and privileges they need to fulfill their designated functions. For example, an employee in a company’s finance department may only require read and write access to financial records, while a system administrator may require elevated privileges for system maintenance. By implementing the principle, unnecessary privileges are avoided, minimizing the potential for unauthorized access or unintended actions.

Here are some more key aspects of the Principle of Least Privilege:

  1. Minimum necessary access: Users and processes should have only the permissions and privileges required to fulfill their specific duties or tasks. This minimizes the potential impact of compromised accounts or malicious actions.
  2. Access control granularity: Access controls should be defined at a fine-grained level, allowing administrators to precisely specify the privileges granted to each user or process. This ensures that users only have access to the specific resources they need.
  3. Regular review and audit: Privileges should be periodically reviewed and adjusted as needed. This helps maintain the principle over time and ensures that users do not accumulate unnecessary privileges.
  4. Separation of duties: Sensitive tasks should be divided among multiple users or processes to avoid concentration of power. This reduces the risk of insider threats and makes it more difficult for a single individual to compromise the system.

By applying the Principle of Least Privilege, organizations can enhance the security of their systems and data, mitigate the impact of security breaches, and reduce the attack surface for potential adversaries. It is considered a best practice in various industries and is often implemented through access control mechanisms, such as role-based access control (RBAC) or mandatory access control (MAC) policies.

Just-in-time access permission management

 

30-Day Free Trial

Get Started

What violates the principle of least privilege?

How do you implement the principle of least privilege?

A

Attack Surface

An attack surface in permissions management refers to the sum total of all potential vulnerabilities that an unauthorized entity could exploit to gain access to a system or data. ...

Attribute-based Access Control (ABAC)

Attribute-based Access Control (ABAC) is a sophisticated and dynamic access control model that grants or denies user access to resources based on the evaluation of attributes. These attributes can pertain...

Azure AD

Azure Active Directory (Azure AD) is a cloud-based service that offers identity and access management capabilities. With Azure AD, your employees can securely access various external resources, including Microsoft 365...

Access Management

Access management, also known as access control or identity and access management (IAM), refers to the processes, policies, and technologies implemented by organizations to control and regulate who can access...

Advanced Threat Protection

Advanced Threat Protection (ATP) refers to a set of security solutions and strategies designed to defend against sophisticated and evolving cyber threats that are capable of bypassing traditional security measures.  ...

Authentication versus Authorization

Understanding the distinction between authentication and authorization is fundamental to grasping the mechanisms that protect sensitive data and systems. While these terms are often used interchangeably, they refer to distinct...

Access Management Workflows

Access management workflows are structured processes and procedures designed to manage and control access to resources, systems and data within an organization. These workflows are crucial for ensuring security, compliance...

Anomaly Detection

Anomaly detection in cybersecurity is a technique used to identify unusual or suspicious patterns of behavior within a computer system or network that may indicate the presence of security threats...

Access Control

Access control refers to the process of controlling and regulating who can access specific resources, data, systems, or functionalities within an organization’s digital environment. This management ensures that only authorized...

AWS IAM Roles vs Policies

Navigating the complex landscape of Amazon Web Services (AWS) can be a daunting task, especially when it comes to understanding IAM Roles and Policies. Both components are crucial for ensuring...

Active Directory

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is used to manage and store information about network resources and application-specific data from a...

Authentication

Authentication in cybersecurity is a critical process that verifies the identity of users, devices, or systems attempting to access digital resources. This fundamental security measure acts as the first line...

Adjustable Access Policies

Adjustable access policies are designed to dynamically adapt to changing contexts, ensuring that access permissions are always aligned with the current needs and security requirements. This proactive approach eliminates the...

B

Blast Radius

In the context of DevOps, the term “blast radius” refers to the potential impact and extent of damage that a failure or error can have within a system or infrastructure....

Brute force Attack

A brute-force attack is a type of cyberattack in which an attacker systematically attempts all possible combinations of passwords or encryption keys until the correct one is discovered. The goal of a...

Break-glass Scenarios

Break-glass scenarios refer to emergency situations where access controls or security protocols need to be overridden to address a critical threat, maintain system integrity, or ensure business continuity. These scenarios...

Birthright Access

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Bastion Host

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

C

California Consumer Privacy Act

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Centralized Authentication

Centralized Authentication refers to the system where user authentication is managed through a single, unified platform. Instead of maintaining separate login credentials for different systems, a centralized server (or authentication...

Cloud Access Policies

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Context-Based Access Control

Context-based access control provides access decision and enforcement that is based on a dynamic risk assessment or confidence level of a transaction. Context-based access uses behavioral and contextual data analytics...

Connecting IdPs with Databases

Managing identities and permissions for your databases is made easier with native, custom identity provider connections because they leverage your existing identity provider to simplify authentication and managing permissions. ...

Connect Azure AD with Elasticsearch

Integrating Azure AD with Elasticsearch allows you to provide access in Elasticsearch’s databases and schemas according to users and groups from Azure AD. ...

Connect Azure AD with MariaDB

Integrating Azure AD with MariaDB allows you to provide access in MariaDB databases and schemas according to users and groups from Azure AD. ...

Connect Azure AD with Mongo Atlas

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Connect Azure AD with MongoDB

Having Azure AD connected with MariaDB allows you to provide access in MongoDB databases and schemas according to users and groups from Azure AD. ...

Connect Azure AD with MySQL

Connecting Azure AD with MySQL allows you to provision access in MySQL databases and schemas according to users and groups from Azure AD. ...

Connect Azure AD with PostgreSQL

Connecting Azure AD with PostgreSQL allows you to provide access in PostgreSQL databases and schemas according to users and groups from Azure AD. ...

Connect Google Workspace with Elasticsearch

Connecting Apono with Google Workspace enables organizations to manage permissions at a granular resource level, automating database access based on Google Workspace users and groups authentication. It facilitates the creation...

Connect Google Workspace with MariaDB

Connecting Apono with MariaDB allows organizations to streamline and automate their database access management. By integrating with MariaDB, Apono enables granular control of user permissions, ensuring that only authorized personnel...

Connect Google Workspace with Mongo Atlas

Connecting Google Workspace with MongoDB Atlas allows organizations to streamline and enhance their database access management by leveraging Google Workspace’s user and group authentication. ...

Connect Google Workspace with MongoDB

Connecting Google Workspace with MongoDB allows organizations to streamline access management and improve security across their databases. By integrating MongoDB with Google Workspace, administrators can manage user authentication and permissions...

Connect Google Workspace with MySQL

Integrating Google Workspace with MySQL allows you the ability to provide access in MySQL’s databases and schemas according to users and groups from Google Workspace. ...

Connect Google Workspace with PostgreSQL

Integrating Google Workspace with PostgreSQL allows you the ability to provide access in PostgreSQL’s databases and schemas according to users and groups from Okta. ...

Connect Jumpcloud with Elasticsearch

Integrating Jumpcloud with Elasticsearch allows you the ability to provide access in Elasticsearch’s databases and schemas according to users and groups from Jumpcloud. ...

Connect Jumpcloud with MariaDB

Integrating Jumpcloud with MariaDB allows you the ability to provide access in MariaDB’s databases and schemas according to users and groups from Jumpcloud. ...

Connect Jumpcloud with Mongo Atlas

Integrating Jumpcloud with Mongo Atlas allows you the ability to provide access in Mongo Atlas’ databases and schemas according to users and groups from Jumpcloud. ...

Connect Jumpcloud with MongoDB

Integrating Jumpcloud with MongoDB allows you the ability to provide access in MongoDB’s databases and schemas according to users and groups from Jumpcloud. ...

Connect Jumpcloud with MySQL

Integrating Jumpcloud with MySQL allows you the ability to provide access in MySQL’s databases and schemas according to users and groups from Jumpcloud. ...

Connect Jumpcloud with PostgreSQL

Integrating Jumpcloud with PostgreSQL allows you the ability to provide access in PostgreSQL’s databases and schemas according to users and groups from Jumpcloud. ...

Connect Okta with Elasticsearch

Integrating Okta with Elasticsearch allows you the ability to provide access in Elasticsearch’s databases and schemas according to users and groups from Okta. ...

Connect Okta with MariaDB

Integrating Okta with MariaDB allows you the ability to provide access in MariaDB’s databases and schemas according to users and groups from Okta. ...

Connect Okta with MongoDB

Integrating Okta with MongoDB allows you the ability to provide access in MongoDB’s databases and schemas according to users and groups from Okta. ...

Connect Okta with MySQL

Integrating Okta with MySQL allows you the ability to provide access in MySQL’s databases and schemas according to users and groups from Okta. ...

Connect Okta with PostgreSQL

Integrating Okta withPostgreSQL allows you the ability to provide access in PostgreSQL’s databases and schemas according to users and groups from Okta. ...

Connect Okta with Mongo Atlas

Integrating Okta with Mongo Atlas allows you the ability to provide access in Mongo Atlas’ databases and schemas according to users and groups from Okta. ...

Connect Onelogin with MySQL

Integrating Onelogin with MySQL allows you the ability to provide access in MySQL’s databases and schemas according to users and groups from Onelogin. ...

Connect Onelogin with PostgreSQL

Integrating Onelogin with PostgreSQL allows you to provide access in PostgreSQL’s databases and schemas according to users and groups from Onelogin. ...

Connect Onelogin with Elasticsearch

Integrating Onelogin with Elasticsearch allows you the ability to provide access in Elasticsearch’s databases and schemas according to users and groups from Onelogin. ...

Connect Onelogin with MariaDB

Integrating Onelogin with MariaDB allows you the ability to provide access in MariaDB’s databases and schemas according to users and groups from Onelogin. ...

Connect Onelogin with Mongo Atlas

Integrating Onelogin with Mongo Atlas allows you the ability to provide access in Mongo Atlas’s databases and schemas according to users and groups from Onelogin. ...

Connect Onelogin with MongoDB

Integrating Onelogin with MongoDB allows you the ability to provide access in MongoDB databases and schemas according to users and groups from Onelogin. ...

Cloud-native Application Protection Platform

A Cloud-native Application Protection Platform (CNAPP) is a specialized cybersecurity solution designed to secure and protect applications that are developed and deployed in cloud-native environments.  ...

Cloud Security Posture Management (CSPM)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Cloud Workload Protection (CWP)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Cloud Security

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Cloud PAM

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Cloud Access Security Broker (CASB)

A Cloud Access Security Broker (CASB) is a security solution or service that acts as an intermediary between an organization’s on-premises infrastructure and cloud services, helping to secure and manage data...

CI/CD Pipeline

CI/CD stands for Continuous Integration and Continuous Delivery (or Continuous Deployment), and it represents a set of practices and tools used in software development to automate the process of building...

Credential Stuffing

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Continuous Adaptive Risk Trust Assessment (CARTA)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Credentials Rotation

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Cloud Infrastructure Entitlement Management (CIEM)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Cloud Access Management

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Cloud Privileged Access Management

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Credential Theft

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Context-Based Access Management

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Cloud Access Management

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Cloud Governance

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

D

DevOps vs DevSecOps

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Data Access Management

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

DevSecOps

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

E

Ephemeral Certificates/Ephemeral Access

Ephemeral certificates are short-lived access credentials that are valid for as long as they are required to authenticate and authorize privileged connections ...

F

Federated Access

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Fedramp Compliance

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

G

General Data Protection Regulation (GDPR)

The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. The GDPR is an important...

Google Workspace

Google Workspace is a collection of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google. ...

Gramm-Leach-Bliley Act (GLBA)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Group Based Access Control (GBAC)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

H

Honeypot

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

HIPAA compliance

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

I

Identity and Access Management (IAM)

Identity and access management (IAM) ensures that only relevant people with certain organizational roles can access tools that they require to complete their jobs. IAM allows organizations to control employee...

IGA (Identity Governance Administration)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Identity Governance

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Identity Provider (IDP)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Identity-as-a-Service (IDaaS)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Identity Governance Administration

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

IT Security Policy

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Incident Response

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Insider Threats

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Identity Sprawl

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Identity Threat Detection and Response (ITDR)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

J

Just-in-Time Access (JiT)

Just-in-Time Access (JIT) is a vital security protocol where permission to access applications or systems is only for a preset limited timeframe on an as-needed basis. This prevents the risks...

Jumpcloud

JumpCloud is reimagining the on-prem directory as a cloud-based platform that secures identities, manages devices, and provides safe access to all types of IT resources — on-prem, in the cloud...

L

Lateral Movement

Lateral movement in cybersecurity refers to the technique used by attackers or malicious actors to move horizontally across a network once they have gained initial access to a single system. ...

Log Analysis Management

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Least Privilege Principle

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Lightweight Directory Access Protocol (LDAP)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

M

Multi-Factor Authentication (MFA)

Multi-factor Authentication (MFA) is an authorization method that requires a user to provide one or more verification details to gain access to a resource such as an online account, application...

Man-in-the-Middle Attack

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Multi-cloud Security

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

O

Observability

Observability is a management procedure that focuses on keeping the relevant, crucial, and vital issues at or near the top of an operations process flow. This post will discuss the...

Okta

Okta is an enterprise-grade, identity management service, built for the cloud, but compatible with many on-premises applications. With Okta, IT can manage any employee’s access to any application or device. ...

Onelogin

OneLogin is a cloud-based identity and access management provider that develops a unified access management platform to enterprise-level businesses and organizations. ...

Open Authorization (OAuth)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

On-call Access Management

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

P

Principle of Least Privilege

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only be granted resources...

Privileged Access Management (PAM)

Privileged Access Management (PAM) is an information security (infosec) process that uses special access or capabilities (beyond the scope of regular users) to protect identities. Like any infosec solution, PAM...

Privilege Elevation and Delegation Management (PEDM)

Privilege Elevation and Delegation Management (PEDM) is a subset of Privileged Access Management (PAM) that aims to deliver more granular access restrictions than Privileged Account and Session Management (PASM) tools...

Privileged Account and Session Management (PASM)

Privileged account and session management (PASM) gives users an “all-or-nothing” temporary administrative access to privileged business environments. An organization’s risk management and cybersecurity plan should include PASM solutions to manage, control...

Permissions Management

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Phishing

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Privileged Session Management

Privileged session management, also known as privileged session recording or privileged access session management, is a cybersecurity practice that involves monitoring and recording the activities of users who have privileged...

Policy-Based Access Control

Policy-based access control (PBAC) is a security mechanism used in computer systems and networks to regulate and manage access to resources based on predefined policies or rules. It’s a way...

Policy-as-Code

Policy-as-code (PaC) is an approach in the field of DevOps and cloud computing that involves defining and enforcing policies through code. These policies are rules, guidelines, or best practices that...

Privileged Access Governance (PAG)

Privileged Access Governance (PAG) is a comprehensive framework and set of practices that organizations use to manage, control, and monitor access to privileged accounts and resources within their IT infrastructure.  ...

Permission Control

Permission control is the process of defining and regulating the specific actions or operations that individuals or entities are allowed to perform within a system, application, network, or physical space....

PAM vs IAM

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Privileged Access Management as a Service (PAMaaS)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Password Vaulting

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Privileged Identity Management (PIM)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Privilege Creep

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Password Spraying

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

PCI Compliance

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

R

Role-based Access Control (RBAC)

One of the primary methods of advanced access control is Role-based access control (RBAC) – a system that restricts network access solely based on a person’s role within the organization....

Resource-based Policies

Resource-based policies are a type of authorization mechanism used in computer security to define and manage access control for specific resources, such as files, databases, APIs, and cloud services.  ...

Relationship-Based Access Control (ReBAC)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

S

Service Organization Control 2 (SOC2)

Information security threats remain a significant concern for all organizations, including those which outsource essential business operations to third-party service providers such as SaaS or cloud-computing vendors. But why is...

Single Sign-On (SSO)

Single Sign-On (SSO) is an authentication method that enables a user to log in with a single identity to any of several related, yet independent, applications and databases. Or in...

Service Accounts

Operating systems frequently utilize service accounts to execute applications or run programs. They are used either in the context of system accounts or a specialized user account, which is created...

Standing Privileges

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Secrets Management

Secrets management refers to the practice of securely storing, managing, and controlling access to sensitive information, often referred to as “secrets,” within an organization’s IT infrastructure. ...

Shadow Access

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

System for Cross-domain Identity Management (SCIM)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Security Assertion Markup Language (SAML)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Security Information and Event Management (SIEM)

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

Spear Phishing

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

SAML

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

T

Task-Based Access Control (TBAC)

Task-based access control (TBAC) is a flexible security system deployed in workflow management processes on a large scale. In TBAC, permissions are granted to tasks, and users can only access...

Trunk-based Development

In information security,  the principle of least privilege (PoLP), AKA the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in users in the organization should only...

U

User Provisioning

User provisioning, also known as identity provisioning or account provisioning, is the process of creating, managing, and maintaining user accounts and their associated access rights within an organization’s information technology...

V

Vendor Privileged Access Management (VPAM)

Vendor Privileged Access Management (VPAM) is a specialized tool designed to ensure least privilege access for vendor employees, while simultaneously monitoring their activities. ...

Vulnerability Management

Vulnerability management in cybersecurity is a comprehensive process aimed at identifying, assessing, prioritizing, mitigating, and monitoring vulnerabilities in computer systems, networks, applications, and other IT infrastructure components.  ...

Z

Zero Trust Network Access

Zero Trust is a tactical approach to securing an organization from cybersecurity threats through elimination of implicit trust and continuous validation at each stage of digital interaction. ...

Zombie Accounts

Zombie accounts, also known as dormant accounts or orphaned accounts, refer to user accounts that are still present in a system or application but are no longer actively used or...