Over the last ten to fifteen years, the way we interact with technology at work has fundamentally shifted.
Once, it was common to travel to work, enter the office using a physical keycard, sit down at a wired desktop, and enter a password.
Most, if not all, IT endpoints were connected to a physical network, generally wired up to a server.
In this context, privileged access security was much more straightforward. If you could control access to a user’s specific machine, you could happily assume they were safe once they’d logged in.
Then, the cloud changed everything.
In a remote-first, multi-device world, organizations have to be much more targeted and tactical about the security measures they use and where they apply them.
This is where least privilege comes in.
Today, least privilege is essentially the bedrock of modern privileged access. The principle dictates that access should only be given to accounts that absolutely need it.
Ideally, it should also be extended to ensure access is only given when it’s needed as well.
On the surface, this is fairly straightforward.
But as we’ll discover, implementing that principle can be a more complex business.