Least Privilege

Every account gets exactly the access its job requires — nothing more. This limits the blast radius of a compromise or an insider mistake.

The principle of least privilege says every person, account, and system should have exactly the access required to do its job — and nothing more. The bookkeeper reaches accounting but not the servers; the marketing contractor edits the campaign folder but never sees HR records.

The payoff is twofold. It limits the blast radius of any compromise — a breached account can only reach what it was narrowly granted — and it keeps the whole environment legible, because access organized around roles can actually be reasoned about and reviewed.

In practice, least privilege means attaching permissions to groups (roles) rather than to individual accounts, defaulting to shared-team ownership of data rather than personal ownership, and starting each person from no access at all (default deny) and adding what the job needs, rather than granting broadly and clawing back later. Built in from the start it costs almost nothing; retrofitted later it's one of the more disruptive things an organization can take on, because every existing grant has to be re-justified or revoked.
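The following is an added example, not code from the original page: a minimal group-based permission model that applies the practices above (grants attach to groups, accounts default to no access, and a reviewer can enumerate what any one account or group can reach). The groups, resources, accounts and the "observed access" set are constructed for illustration and are assumptions, not real systems.

```python
# Added example (not from the original page): least privilege as a small
# group-based permission model. Group names, resources, accounts and the
# observed-access log below are constructed for illustration.
from dataclasses import dataclass, field

# A grant is (group, resource, action). Permissions attach to groups,
# never directly to an account, so each group reads as one reviewable role.
Grant = tuple[str, str, str]


@dataclass
class Policy:
    grants: set[Grant] = field(default_factory=set)
    # account -> groups it belongs to
    membership: dict[str, set[str]] = field(default_factory=dict)

    def grant(self, group: str, resource: str, action: str) -> None:
        self.grants.add((group, resource, action))

    def add_member(self, account: str, group: str) -> None:
        self.membership.setdefault(account, set()).add(group)

    def allowed(self, account: str, resource: str, action: str) -> bool:
        """Default deny: only an explicit grant on one of the account's
        groups permits the action. Unknown accounts get nothing."""
        return any((g, resource, action) in self.grants
                   for g in self.membership.get(account, ()))

    def blast_radius(self, account: str) -> set[tuple[str, str]]:
        """Everything a compromised account could touch: the (resource,
        action) pairs reachable through its group memberships."""
        groups = self.membership.get(account, set())
        return {(r, a) for (g, r, a) in self.grants if g in groups}

    def unused_grants(self, account: str,
                      observed: set[tuple[str, str]]) -> set[tuple[str, str]]:
        """Grants the account holds but has never exercised, per an access
        log: the candidates to remove during an access review."""
        return self.blast_radius(account) - observed


def build_example_policy() -> Policy:
    """The scenario from the text: the bookkeeper reaches accounting but
    not the servers; the marketing contractor edits the campaign folder
    but never sees HR records. (Constructed data.)"""
    p = Policy()
    p.grant("finance", "accounting", "read")
    p.grant("finance", "accounting", "write")
    p.grant("marketing", "campaign-folder", "read")
    p.grant("marketing", "campaign-folder", "write")
    p.grant("sre", "servers", "ssh")
    p.grant("hr", "hr-records", "read")
    p.add_member("bookkeeper", "finance")
    p.add_member("contractor", "marketing")
    return p


if __name__ == "__main__":
    p = build_example_policy()
    print(p.allowed("bookkeeper", "accounting", "read"))   # True
    print(p.allowed("bookkeeper", "servers", "ssh"))       # False
    print(p.allowed("contractor", "hr-records", "read"))   # False
    print(sorted(p.blast_radius("bookkeeper")))
    # Constructed access log: the contractor has only ever read the folder,
    # so the write grant shows up as a review candidate.
    print(p.unused_grants("contractor", {("campaign-folder", "read")}))
```

Because every permission hangs off a group, `blast_radius` and `unused_grants` are the two questions an access review actually asks: what can this account reach if it is compromised, and which of those grants has it never needed.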