'Least Privilege' Engineering to Gain Momentum

Human error and evolving phishing attacks will compel organizations to tighten control over application access, not just user access

ALLENDALE, N.J. -- Guardian Digital, the open source security pioneer, forecasts an increased need for comprehensive control over Internet and employee resources with 'least privilege' engineering in 2008. "Most vendors don't stress least privilege enough in their development architecture, especially with the increasing threats from human error and employee liability" says CEO Dave Wreski.

"Security in 2007 has shown just how effective attackers can be at gaining authorized access to corporate resources. One of the best ways to protect against this is to lock down application access, not just user access."

Analysts are in agreement that phishing attacks will increase to an unprecedented level in 2008, especially targeted attacks made possible from social networking sites. As a result, Guardian Digital forecasts the new year will mark renewed buzz on the advantages of 'least privilege' in platform and application development.

Least privilege is the concept of giving access to applications based only on what is required for them to work, and no more. Pursuing this strategy can provide a tremendous benefit for security. Since application access is minimized, corporate resources remain much more secure, something that can be difficult when the platform and applications come from different vendors.

"The increased effectiveness of social engineering will propel least privilege back into the spotlight this year," Wreski continues. "The buzz on network security will decrease as there is an increased focus on solutions that combine platform and application development to reduce the risk of successful phishing attacks."

Guardian Digital Inc.