Least Privilege Access: The Good, The Bad, and The Better Way

Least privilege access is something all IT teams shoot for–but achieving it is easier said than done. It’s a powerful approach that grants the least amount of privilege necessary depending on who is requesting access and the context of the request. It’s the difference between having a key that works on every door and one that only opens certain rooms, depending on who you are.

It’s not uncommon for employees to have access to hundreds of company-sanctioned apps. Each employee must have enough access to do their jobs but not too much access to cause security threats or compliance issues. It’s a fine line between too little, too much, and just right.

Okta was hacked in January 2022. Hackers breached a third-party customer service firm, controlled a support engineer’s machine and used that person’s access to view Okta’s customer data!

In a “Zero Trust” environment, you assume that people will get compromised. Protecting yourself starts with reducing privileged access. Unfortunately, people often have more access than they need.