Transforming Security: The Principle of Least Privilege

This is the first in a series of three articles and videos featuring VMware’s Tom Corn, SVP, Security Products, and Shawn Bass, VP and CTO, End-User Computing, discussing security transformation and what it means for the future of networking.

Network security is undergoing a profound transformation. According to Tom Corn and Shawn Bass, it is a fundamental change that is being driven by issues with securing the interactions between users, applications, and data. These issues, they agree, are common to both the data center and the end-user computing sides of the security paradigm.

Parallel Lines

A primary challenge to both end-user security and data center security is the way the two have fallen behind the vast changes that have transformed both. On the end-user side, the massive amount of device proliferation, the consumerization of IT, mobility trends, and the emergence of cloud-based systems and services has made security, Bass says, “an incredibly complex problem to solve.” And, says Corn, the same is true on the data center side. The evolution of application architectures from static, monolithic stacks to flexible, component-based, distributed systems has made data center security far more complex.

The Principle of Least Privilege

Two trends have dominated network security in the past decade: attacks from outside the network and attacks on the user. Organizations have invested heavily in perimeter defenses and trying to prevent infiltration—but attack surface is so broad and so complex, that infiltration at some level is inevitable, and organizations continue to struggle with how to detect, contain, and respond to those infiltrations.

Given the size and complexity of modern IT infrastructures, Bass and Corn both agree that an old principle of cyber hygiene, least privilege, is the foundation for a new approach to understanding security risks and how to mitigate them. Least privilege is the concept that an application or service—or on the end-user computing side, a user or device—should only have access to the information or resources that are necessary for its legitimate purpose. It is a principle that promises to unify the approach to improving both end-user and data center security. It focuses the organization on the real risk—the applications and data—and on containing and shrinking that risk. It improves signal to noise, and it helps reduce the complexity causing misalignment and misconfigurations, which are at the heart of so many breaches.

Watch the video to learn more from Tom Corn and Shawn Bass about how the principle of least privilege helps transform security.