3 best practices for internal security
3. Least privileges. Ever want to be king for a day? Turns out that's actually one of the best ways to manage large IT systems where multiple people need administrator access, according to Christman. Networks allow for different levels of permissions, or ability to change and control configurations, with the highest level called root, which is basically "god status," says Christman. "You can do anything you want inside the IT services. You can do all sorts of very very high level things." It's not necessary for most to operate at this level, and as a result they're granted the much more commonplace user-level accounts. When someone needs a higher level of authority, instead of granting them unlimited access, Christman says least privileges allows a manager to "grand the amount of privileges necessary for a person to do their job, no more, no less." With this system, a user can get enhanced privileges for a specified period of time when "everything you do during that time is watched and logged and audited," says Christman. "When you give the keys to the kingdom to someone, you have to know you can get them back."