Security Foundations
Also called: "least privilege", "minimal privilege"
The principle of least privilege limits blast radius. If a user account or API key is compromised, the attacker can do only what that identity was allowed to do.
Common gaps
- Standing admin access in production environments.
- Shared credentials stored in chat or wikis.
- Service accounts with overly broad permissions.
Good habits
- Use role-based access with time-bound elevation workflows.
- Automate access reviews and revoke stale permissions.
- Require just-in-time access for privileged tasks.
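The three habits above, and the three gaps they close, can be modelled in a few dozen lines. The block below is an added example written for this entry, not code from the glossary or any IAM product: it assumes a simple grant record (principal, role, actions, issue time, optional expiry, last use), a privileged-role set, a 30-day staleness threshold and a 2-hour cap on elevation. `review_grants` is the automated access review that flags standing admin access, wildcard permissions, stale grants and expired grants that were never cleaned up; `request_elevation` issues a just-in-time, time-bound grant and refuses the open-ended or self-approved kind.

```python
"""Added example: least-privilege access review and time-bound elevation.

The data model and thresholds below are assumptions for illustration;
they do not correspond to any particular cloud IAM API.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

PRIVILEGED_ROLES = {"admin", "owner"}      # assumption: roles treated as privileged
STALE_AFTER = timedelta(days=30)           # assumption: unused this long -> revoke
MAX_ELEVATION = timedelta(hours=2)         # assumption: longest JIT window allowed


@dataclass(frozen=True)
class Grant:
    principal: str
    role: str
    actions: frozenset                 # e.g. {"s3:GetObject"}; "*" means everything
    granted_at: datetime
    expires_at: Optional[datetime]     # None means standing access with no expiry
    last_used: Optional[datetime]      # None means never used since it was granted


def review_grants(grants, now):
    """Automated access review: map 'principal:role' -> list of findings to act on."""
    findings = {}
    for g in grants:
        issues = []
        # Gap: standing admin access (privileged role with no expiry at all)
        if g.role in PRIVILEGED_ROLES and g.expires_at is None:
            issues.append("standing privileged access")
        # Gap: overly broad permissions (wildcard action on any identity)
        if "*" in g.actions:
            issues.append("wildcard permissions")
        # Habit: revoke stale permissions (never used, or unused past the threshold)
        last_activity = g.last_used or g.granted_at
        if now - last_activity > STALE_AFTER:
            issues.append("stale: unused for %d days" % (now - last_activity).days)
        # A time-bound grant that has expired should already have been revoked
        if g.expires_at is not None and g.expires_at <= now:
            issues.append("expired but not revoked")
        if issues:
            findings[f"{g.principal}:{g.role}"] = issues
    return findings


def request_elevation(principal, role, actions, duration, now, approved_by):
    """Just-in-time elevation: return a short-lived Grant or refuse the request."""
    if role not in PRIVILEGED_ROLES:
        raise ValueError("elevation is only needed for privileged roles")
    if approved_by == principal:
        raise PermissionError("self-approval is not allowed")
    if duration > MAX_ELEVATION:
        raise ValueError("elevation window exceeds the policy maximum")
    if "*" in actions:
        raise ValueError("elevation must name the specific actions required")
    return Grant(principal, role, frozenset(actions), now, now + duration, None)


def is_active(grant, now):
    """A grant is usable until its expiry; standing grants never expire on their own."""
    return grant.expires_at is None or now < grant.expires_at


# Constructed sample data (not real accounts); NOW is fixed so results are stable.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_GRANTS = [
    # standing admin with wildcard permissions, still in use
    Grant("alice", "admin", frozenset({"*"}), NOW - timedelta(days=400), None, NOW - timedelta(days=1)),
    # service account scoped to two deploy actions, used recently: no finding
    Grant("ci-deploy", "deployer", frozenset({"ecs:UpdateService", "ecr:PutImage"}),
          NOW - timedelta(days=90), None, NOW - timedelta(days=2)),
    # narrow read grant that nobody has used for 45 days
    Grant("bob", "reader", frozenset({"s3:GetObject"}), NOW - timedelta(days=120), None, NOW - timedelta(days=45)),
    # time-bound admin grant that expired an hour ago and was never revoked
    Grant("carol", "admin", frozenset({"iam:PassRole"}), NOW - timedelta(hours=3),
          NOW - timedelta(hours=1), NOW - timedelta(hours=2)),
]


if __name__ == "__main__":
    for key, issues in review_grants(SAMPLE_GRANTS, NOW).items():
        print(key, "->", "; ".join(issues))
    jit = request_elevation("dave", "admin", {"rds:RebootDBInstance"},
                            timedelta(minutes=30), NOW, approved_by="erin")
    print("JIT grant active now:", is_active(jit, NOW),
          "| active in 31 min:", is_active(jit, NOW + timedelta(minutes=31)))
```

Running the block flags alice (standing admin, wildcard), bob (stale) and carol (expired, not revoked) while leaving the narrowly scoped service account alone; the JIT grant it issues is active immediately and dead 31 minutes later, and produces no review finding of its own.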
Explore More Security Foundations
Attack Surface: The total number of points where an unauthorized user could try to enter data into, or extract data from, an environment.
Zero Trust Architecture: A security model that assumes breach, requiring continuous verification of every user, device, and workload regardless of location.