Get to Least Privilege and stay there
Tough to enforce. Tougher to know when to enforce it. Critical for cloud operations
Least privilege means giving an identity (user, role, and/or service) only those privileges which are essential to perform its intended function.
It’s a restrictive policy, but critical for environments with sensitive data. Enforcing it requires a deep knowledge of activity and potential access for all identities.