The principle of least privilege (POLP) is also known as the principle of minimal privilege (POMP) or the principle of least authority (POLA).
The POLP is the practice of restricting access so that any user, program, or process has only the bare minimum privileges necessary to perform its function. For example, a user account created for pulling records from a database doesn't need admin rights, and a programmer whose main job is updating lines of legacy code doesn't need access to financial records.
Following the principle of least privilege is considered a best practice in information security.
How to implement POLP
Applying POLP concepts ranges from simple measures, such as removing end-user access to devices in order to prevent access to private information, to more involved operations, such as conducting regular audits of the access users have.
Good practice includes:
- set up all new accounts with the least privilege required, then add privileges only when they are necessary to perform the required function;
- when staff move roles or their responsibilities change, conduct an access control review;
- when staff leave the company, remove their access and document the process (you can use Adoptech's Off-Boarding checklist for this);
- conduct regular audits to review existing access and remove any access that is unnecessary.
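One way to run the access review the list above describes, as an added example that is not from the original article: it compares what each account is granted against the minimum its role needs and flags both excess privileges and accounts whose owner has left. The roster, the role-to-privilege policy and the grants are constructed sample data in an assumed format.

```python
from dataclasses import dataclass

# Least privilege each role actually needs (constructed sample policy).
ROLE_MIN_PRIVS = {
    "report_reader": {"db:select:records"},
    "legacy_dev": {"repo:write:legacy", "ci:run"},
    "finance": {"db:select:ledger", "db:update:ledger"},
}

# Current roster: role per account, None once the person has left (constructed).
ROSTER = {"alice": "report_reader", "bob": "legacy_dev", "carol": None}

# Privileges actually granted today (constructed; each account has one problem).
GRANTS = {
    "alice": {"db:select:records", "db:admin"},                  # admin not needed
    "bob": {"repo:write:legacy", "ci:run", "db:select:ledger"},  # kept after role change
    "carol": {"db:select:records"},                              # left, never off-boarded
}


@dataclass
class Finding:
    account: str
    kind: str    # "excess_privilege" or "departed_user"
    detail: str


def review_access(roster, grants, role_min=ROLE_MIN_PRIVS):
    """Flag grants beyond a role's minimum and accounts of departed staff.

    An account missing from the roster is treated like a departed user:
    nobody currently owns it, so every privilege on it is unjustified.
    """
    findings = []
    for account, privs in sorted(grants.items()):
        role = roster.get(account)
        if role is None:
            findings.append(Finding(account, "departed_user", ", ".join(sorted(privs))))
            continue
        # A role absent from the policy justifies nothing, so all grants are reported.
        excess = privs - role_min.get(role, set())
        for priv in sorted(excess):
            findings.append(Finding(account, "excess_privilege",
                                    f"{priv} not required for role {role}"))
    return findings


if __name__ == "__main__":
    for f in review_access(ROSTER, GRANTS):
        print(f"{f.account}: {f.kind}: {f.detail}")
```

Each finding is an action item for the review: revoke the excess grant or disable the departed account, and record the decision.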