Comment from François Amigorena, CEO of IS Decisions – “Least Privilege is Not Sufficient On its Own”

The principle of least privilege is intended to create an environment that, while providing elevated access, still limits risk. The act of isolating privileges based on need and providing users only the access they require is a key first step. But once the accounts are created and the privileges established, a gap exists. Accounts can still be compromised. Given, the more restrictive least privilege environment cannot police itself to detect inappropriate use, the need for some level of monitoring and enforcement is required.


Implementing least privilege

To start implementing least privilege, organisations create an environment where users are only granted the permissions they need to do their job. Privileged and non-privileged accounts are first separated. User profiles should then be correctly identified and permissions defined for each to bring each account into a state of least privilege. Then whether it’s the local Admin account on a workstation, or THE Administrator account in Active Directory – and everything in between – you have to reduce the number of employees that have access to these types of accounts.

But even with this all in place, organisations run the risk that account misuse (even accounts restricted down to the bare work essential privileges) will provide enough access for a threat action to take place. In reality, least privilege is really about the compromised use of a privileged account.


What is a privileged account?

But, what should you consider a ‘privileged’ account? It’s not a good idea to only focus on accounts that are ‘admin’ level.

Let’s take an example: the Director of Accounts Payable needs access to the AP system. It’s still possible that the account gets compromised and used to make fraudulent payments in order to steal the company’s money. There is a good chance that the user is not considered an admin of anything, but still the misuse of his account could hurt the company.

To avoid that, you need to monitor and better secure the access of every user account to make sure the underlying goals of least privilege are met



Leverage Logon security in addition to least privilege

Monitoring logons is the first step to limit the risk associated with any user – which of course, is the goal of any least privilege initiative! It gives visibility into account use, before malicious actions happen. For example a logon that stems from an unusual country or endpoint should be a red flag. Likewise for multiple failed logon attempts or concurrent logons.

Restrictions and multi factor authentication should also provide enforcement to protect accounts from being misused.

For example restrictions by machine or time, and a prompt for a second authentication factor on certain circumstances such as a new machine or a remote access.

Combining these functionalities allows you to keep the least privilege controls in place and to protect the environment from compromised credentials. By including logon security as part of your least privilege strategy, an environment remains in a constant state of enforcement to reduce risk.


François Amigorena is the founder and CEO of IS Decisions, and an expert commentator on cybersecurity issues.

IS Decisions software makes it easy to protect against unauthorized access to networks and the sensitive files within.

For more information, visit: