In the military, they have a well-known phrase that happens to succinctly describe the definition of the least privilege principle: ‘Need-To-Know Basis’. For the military, this means that sensitive information is only given to those who need that information to perform their duty. In cybersecurity, it’s much the same idea. The ‘least privilege’ principle involves the restriction of individual user access rights within a company to only those which are necessary in order for them to do their job. By the same token, each system process, device, and application should be granted the least authority necessary, to avoid compromising privileged information.
There have been quite a few security breaches to hit the news in 2018. As each story broke, it seemed like it couldn't get worse, only to find that the next data breach was just around the corner, and even more severe, exposing the data of millions of customers worldwide. We have had a few of those this year.
WALLIX is positioned in Gartner’s first Magic Quadrant for Privileged Access Management (PAM)
A recent cybersecurity news item should trigger concern for anyone involved in cloud-based software development. As reported in CSO, an attacker breached a popular Node.js module. After building trust and gaining owner-level access, he or she was able to push a compromised version that hid Bitcoin and Ethereum hot wallet credentials for malicious purposes in the code.