How Separation of Privilege Relates to Least Privilege & Separation of Duties
Privilege separation complements the security principle of least privilege (PoLP), which mandates that users, accounts, and computing processes only have the minimal rights and access to resources that they absolutely need.
Let’s examine how this may work in practice. Take, for instance, an IT worker (“wearer of many hats”) at a very small company. This employee may have access to a standard user account, a Domain Administrator Account, and a Local Administrator Account—and still conform to a least privilege access model if all the rights and access within those accounts were actually needed by the IT worker to perform their job.
Working together, least privilege and privilege separation enable workers to perform their duties while minimizing the opportunity for an attacker to “land and expand”. For instance, if a user who is logged in to an administrator account clicks on a phishing email and the account subsequently becomes compromised, the malware or hacker will have the same privileges as that account—which is considerably more dangerous than if the employee had been logged in with only a standard user account.
Often, malware requires elevated privileges to execute in the first place. So, if least privilege and separation of privilege are adequately enforced, even if a non-privileged account is compromised, there is nothing for the malware to do and nowhere else for it to go.
Also closely related to, and often overlapping with, separation of privilege is the concept of separation of duties (SoD), which promotes the practice of splitting tasks and functions between different roles to provide a layer of accountability and to help prevent fraud. In IT teams, one common example of SoD is separating the duties of a software developer from those of a tester. This division of duties amongst team members helps to prevent conflicts of interest while providing extra oversight.
In the event of an insider attack or a compromise via malware or a hacker, segregation of privileges, separation of duties, and least privilege all play key roles in ensuring that the damage stays confined to the initial point of compromise or exploit, rather than spreading laterally to other privileged users and accounts or to other system and application components.
Privilege separation, least privilege enforcement, and separation of duties can all be enforced programmatically via policies and technologies, such as privileged access management (PAM) solutions.
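As an added illustration of what such a programmatic policy check can look like (example code written for this page, not taken from the article or any PAM product), the toy checker below encodes the two rules discussed above over constructed data: each account may hold only the rights its role needs (least privilege), and no one person may hold both of the roles the policy declares conflicting, here developer and tester (separation of duties). The role names, rights, and sample accounts are assumptions made up for the example; alice models the “wearer of many hats” IT worker with a standard, a local administrator, and a domain administrator account.

```python
# Added example, not the article's code: roles, rights and accounts are constructed.
from dataclasses import dataclass, field

# Rights each role actually needs to do its job (the least-privilege baseline).
ROLE_RIGHTS = {
    "standard_user": {"read_mail", "edit_docs"},
    "local_admin": {"install_software", "manage_local_services"},
    "domain_admin": {"manage_domain_users", "manage_group_policy"},
    "developer": {"commit_code"},
    "tester": {"approve_release"},
}
# Role pairs one person must never hold together (the developer/tester split).
CONFLICTING_ROLES = {frozenset({"developer", "tester"})}

@dataclass
class Account:
    name: str
    owner: str  # the person behind the account
    role: str
    rights: set = field(default_factory=set)

def least_privilege_violations(accounts):
    """Accounts holding rights beyond their role's needs, as (account, excess)."""
    found = []
    for acct in accounts:
        excess = acct.rights - ROLE_RIGHTS.get(acct.role, set())
        if excess:
            found.append((acct.name, sorted(excess)))
    return found

def separation_of_duties_violations(accounts):
    """People whose accounts together hold a conflicting role pair."""
    roles_by_owner = {}
    for acct in accounts:
        roles_by_owner.setdefault(acct.owner, set()).add(acct.role)
    return [(owner, tuple(sorted(pair)))
            for owner, roles in sorted(roles_by_owner.items())
            for pair in CONFLICTING_ROLES if pair <= roles]

# Constructed sample: alice is the "many hats" IT worker with three role-scoped
# accounts; carol's standard account got install rights; bob commits and approves.
SAMPLE_ACCOUNTS = [
    Account("alice", "alice", "standard_user", {"read_mail", "edit_docs"}),
    Account("alice-la", "alice", "local_admin", {"install_software", "manage_local_services"}),
    Account("alice-da", "alice", "domain_admin", {"manage_domain_users", "manage_group_policy"}),
    Account("carol", "carol", "standard_user", {"read_mail", "edit_docs", "install_software"}),
    Account("bob", "bob", "developer", {"commit_code"}),
    Account("bob-qa", "bob", "tester", {"approve_release"}),
]
```

Running both checks over SAMPLE_ACCOUNTS flags only carol's excess install right and bob's developer/tester conflict; alice's three accounts pass because each holds exactly the rights its role needs, which is the situation the article describes as still conforming to least privilege.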