What Australia can teach the world about least privilege

In October of 2011, President Barack Obama's administration in the US announced it was taking a number of new steps to safeguard classified information, as well as protecting government computer networks against unauthorised disclosures such as the release of thousands of pages of secret documents by WikiLeaks back in 2010. Many governments have been surprisingly slow to adopt strict security policies and technologies for their own computer systems. In Australia, however, the Government has adopted policies that strictly limit what systems are deployed and what users can do with them. These systems are configured according to the concept of least privilege, and the only applications that are allowed to run are those on an approved whitelist. Paul Kenyon of Avecto asks what US and UK public sector IT security professionals can learn from this strategy. © 2012 Elsevier Ltd. All rights reserved.