View from Peter Lancos, CEO
"Welcome to another edition of eXate's Global Data Diaries series, a fortnightly blog series that aims to bring you the latest news, tips and insights from the world of data privacy.
This week, we discuss the Principle of Least Privilege (PoLP), a computer security practice that gives users limited access rights based on their responsibilities. PoLP guarantees that only authorised users (those whose identity has been verified) are authorised to perform jobs within certain systems, applications, data and other assets.
In this day and age businesses are in need of a robust and resilient security strategy. Additionally, as COVID has brought with it a surge in remote working, most applications are no longer secure and many companies require a solution that enables a secure cloud environment.
As discussed in a number of our GDD posts, data breaches start with the illicit access of information. The goal of PoLP is to control mechanisms that function collectively across domains in a cloud-based architecture. By applying PoLP, organisations can limit the reach of user access into their network, systems and resources. A dedicated administrator can assign the necessary access to a user’s account according to customisable factors such designation, role, location etc.
The Principle of Least Privilege Regaining Popularity Amid Increasing Cyber Threats
Potential attackers can gain access to critical data and systems by using accounts with privileged credentials. It’s not impossible for a malicious insider to steal sensitive data or hijack domain controllers in order to gain control of the entire IT environment. As the frequency of data breach events rises year after year, businesses have become more concerned about privileged account security.
What is the Principle of Least Privilege?
A significant number of breaches begin with unauthorized access through compromised credentials. By applying the principle of least privilege, organizations can limit the reach of user access into their network, systems and resources.
Google Wins Dismissal of Data Privacy Suit by U.K. Top Court
Google won its bid to dismiss a data privacy lawsuit filed on behalf of millions of iPhone users, after the U.K.’s top court said the tech giant couldn’t be served with a class action suit.