The principle and benefits of Least Privilege are long established in Computer Security—dating back to the 1970s. Despite this it is far from universally adopted. Technologies used to define and enforce Least Privilege policy are arcane to most in the computing industry. Software developers are incentivized to ship products and features, so they focus on what helps them work fast: wildcards in policies, if they even have one.
Traditional attempts to counter this typically require system administrators or security staff to perform manual reviews and craft security policies in response. As application complexity and development velocity increase it becomes impractical to manually determine Least Privilege ahead of time. A central policy gatekeeper doesn't scale efficiently and is likely to negatively impact delivery velocity.
Our approach at Netflix combines gathering data about how applications interact with their environment and automatically adjusting the permissions in their security policy. Unused permissions are automatically removed from application policies across our environment without manual effort from developers or the security team. This approach gives us the best of both worlds: the security team gets least privilege policies and developers maintain high velocity. During this talk we'll describe how this works in our environment, challenges we've overcome along the way, and recommend other applications for the same methodology.