Granting full access is easy.
Everything just works.
I did it for years, in the name of speed.
Then I watched one small compromise
turn into access to everything.
That’s when least privilege
stopped being a rule
and started being self-protection.
Now I ask a smaller question:
what does this actually need?
And I grant exactly that.
It’s more work up front.
It’s a far smaller disaster later.
Least privilege isn’t bureaucracy.
It’s the size of the blast radius
you’re choosing in advance.
– Serguey Asael Shinder