The Barbarians Are Inside the Gate: Least Privilege and Zero Trust

The Barbarians Are Inside the Gate: Least Privilege and Zero Trust


Stephen HeartyProduct Marketing Manager at Symantec, a division of Broadcom




This is the second article in a continuing series exploring the meaning and real-world impacts of the three tenets of the Zero Trust security model. The first is here.

The threat of malicious insiders is a problem that companies continue to have to deal with.  As an example, on September 1, 2017, law enforcement officials discovered that a former employee with a  Coca-Cola subsidiary was in possession of a hard drive that contained employee data. The information of 8,000 individuals employed with the enterprise Coca-Cola were affected by this data breach.
In that incident, the compromised data included names, Social Security numbers, addresses, ethnicity, credit card data, financial data and other information linked to employees, suppliers, and contractors. The threat of malicious insiders is a problem that companies continue to have to deal with. In another example, in 2018, a former Chicago Public Schools (CPS) employee was charged with stealing personal information from 70,000 CPS employees. The employee was a temporary IT-worker who stole the information — names, employee ID numbers, phone numbers, addresses, birth dates, criminal histories, and any records associating individuals with the Department of Children and Family services — in retaliation for being fired.
So, is there any solution to prevent these types of attacks? Yes, and it underscores the importance of the second tenet of the Zero Trust security model: enforcing least privilege. Enforcing Least Privilege Access
The focal point of the Zero Trust model is that enterprise data needs to be protected at all costs. There are three tenets, or pillars to this security model:
Secure access: No one or nothing ..