为什么为创建安全环境的基础是最不具体的特权？

数据是新黄金。如果数据量增加，网络威胁也是如此，则将数据保护构成当务之急。至少特权（POLP）的原则至关重要。

Data is the new gold. If data volumes surge, so do cyber threats, making data protection a top priority. The principle of least privilege (POLP) crucially comes to play here. But what is least privilege, and how does it contribute to creating safer environments?

数据是新黄金。如果数据量增加，网络威胁也是如此，则将数据保护构成当务之急。至少特权（POLP）的原则至关重要。但是，什么是最少的特权，以及它如何促进创造更安全的环境？

Least privilege is a cybersecurity principle where a user is granted the minimum levels of access necessary to complete their job functions. This approach minimizes the attack surface and mitigates the potential damage from security incidents by limiting access rights for users, applications, and computing processes to the bare minimum.

至少特权是一个网络安全原则，在该原则中，授予用户完成其工作功能所需的最低访问级别。这种方法可将攻击表面最小化，并通过将用户，应用程序和计算过程的访问权限限制为最低限度，从而减少安全事件的潜在损害。

A Broader Scope of Safe Environments

安全环境的更广泛的范围

The concept of safe environments extends beyond physical safety to encompass digital safety. When we increasingly rely on technology for daily operations, cybersecurity threats become existential threats. Cybercriminals are using more sophisticated tactics, and the damage from cyber-attacks continues to rise. The principle of least privilege provides a sturdy protective layer, limiting the potential damage from these attacks.

安全环境的概念超出了物理安全性，以涵盖数字安全性。当我们越来越依靠技术进行日常操作时，网络安全威胁就会成为存在威胁。网络犯罪分子正在使用更复杂的战术，网络攻击的损害继续上升。特权最少的原则提供了一个坚固的保护层，从而限制了这些攻击的潜在损害。

However, applying the least privilege principle extends beyond simply restricting user permissions. It also includes managing Non-Human Identities (NHIs), which are machine identities used in cybersecurity. Similar to a person requiring a passport and visa to travel, NHIs need a “Secret” (an encrypted password, token, or key) and corresponding permissions from a destination server for access.

但是，应用最低特权原则扩展到仅仅限制用户权限。它还包括管理非人类身份（NHIS），这些身份是网络安全中使用的机器身份。类似于需要护照和签证旅行的人，NHIS需要一个“秘密”（一个加密的密码，令牌或键），以及来自目标服务器的相应权限以访问。

How Does NHI Management Enhance Safe Environments?

NHI管理如何增强安全环境？

The management of NHIs is fundamental to a holistic cybersecurity strategy. It focuses on securing both the identity and its access credentials while monitoring their behaviors. Key benefits of a robust NHI management strategy include:

NHIS的管理是整体网络安全战略的基础。它着重于在监视其行为的同时确保身份及其访问证书。强大的NHI管理策略的关键好处包括：

* Reduced risk: By identifying and mitigating security risks proactively, it helps minimize the likelihood of breaches.

*降低风险：通过积极识别和缓解安全风险，它有助于最大程度地减少违规的可能性。

* Improved compliance: It facilitates meeting regulatory requirements through policy enforcement and audit trails.

*提高合规性：通过政策执法和审计跟踪，它有助于满足监管要求。

* Increased efficiency: It frees up security teams to focus on strategic initiatives by automating NHIs and secrets management.

*提高效率：它可以通过自动化NHIS和Secrets Management来释放安全团队来专注于战略计划。

* Enhanced visibility and control: It provides a centralized view for access management and governance.

*增强的可见性和控制力：它为访问管理和治理提供了集中的视图。

* Cost savings: It lowers operational costs by automating the rotation of secrets and decommissioning of NHIs.

*节省成本：它通过自动化秘密旋转和NHIS退役来降低运营成本。

Implementing Least Privilege: One Step at a Time

实施最小特权：一次一步

The road to implementing least privilege starts with understanding the full scope of your environment from users to NHIs. Conducting a thorough audit will help you determine who or what has access to your system and to what extent.

实施最小特权的道路始于了解从用户到NHI的环境的全部范围。进行彻底的审核将帮助您确定谁或什么访问您的系统以及在何种程度上。

Next, it’s about defining access controls based on roles and responsibilities. It’s important to set strict policies and enforce them consistently. Lastly, regular audits and permissions reviews are necessary to ensure continued compliance with the least privilege principle. Technologies such as AI can be harnessed to automate these processes, increasing efficiency.

接下来，这是关于根据角色和职责定义访问控件。重要的是制定严格的政策并持续执行它们。最后，必须进行定期审核和权限审查，以确保继续遵守最低特权原则。可以利用诸如AI之类的技术来自动化这些过程，从而提高效率。

Striking the Right Balance

达到正确的平衡

While the principle of least privilege is a crucial protective measure, it’s also about striking the right balance. Overly restrictive access can hinder productivity and create bottlenecks. Therefore, it’s crucial to weigh security considerations against operational needs. For instance, some risk may be acceptable if it permits significant productivity gains.

虽然特权的原则是至关重要的保护措施，但它也涉及达到正确的平衡。过度限制的访问会阻碍生产力并创造瓶颈。因此，将安全考虑与运营需求之间的权衡至关重要。例如，如果某些风险允许大量生产率提高，则可以接受。

Embracing a Culture of Security

拥抱安全文化

The principle of least privilege is more than a cybersecurity best practice; it’s a mindset. It’s about creating a culture of security where everyone understands the importance of data protection and their role in safeguarding it. This cultural shift is important as the preparation of safe environments is a shared responsibility.

最少特权的原则不仅仅是网络安全的最佳实践。这是一种心态。这是关于创造一种安全文化，每个人都了解数据保护的重要性及其在维护它中的作用。这种文化转变很重要，因为安全环境的准备是共同的责任。

To sum it up, the principle of least privilege combined with robust NHI management creates safer environments by reducing attack surfaces and mitigating potential damages. It’s a continuous process that requires active involvement at all levels – from individual users to the organization’s top executives. By fostering a culture of security and implementing the least privilege principle, organizations can equip themselves better against constantly evolving threats.

总而言之，特权最少的原则与强大的NHI管理层相结合，通过减少攻击表面并减轻潜在的损害来创造更安全的环境。这是一个连续的过程，需要各个级别的积极参与 - 从个人用户到组织的高级管理人员。通过培养安全文化并实施最低特权原则，组织可以更好地装备自己，以防止不断发展的威胁。