The principle of least privilege (POLP) is a policy in which end users are given only the amount of access they need to carry out their jobs — nothing more and nothing less.
Understandably, some end users aren’t thrilled with POLP, because once enforced, it means they can no longer access certain non-essential apps, tools and networks. In some cases, it can involve removing interfaces such as USB ports from devices so that end users cannot unintentionally facilitate an infection by copying malware-laden files from a USB drive – or intentionally exfiltrate confidential information by copying it to a USB drive.
However, POLP is not designed to punish end users and make their lives more difficult. Rather, it is meant to minimize the size of the attack surface, and ultimately reduce the likelihood and severity of a cyber attack. This is especially important now that hackers routinely exploit compromised low-level accounts in order to spread laterally across devices and networks, and ultimately access critical systems and sensitive data.
Read the complete article here: https://blog.devolutions.net/2019/01/principle-of-least-privilege-polp-what-why-best-practices