A company is reviewing its operating policies.
Which policy complies with guidance in the security pillar of the AWS Well-Architected Framework?
Ensure that employees have access to all company data.
Expand employees’ permissions as they gain more experience.
Grant all privileges and access to all users.
Apply security requirements at all layers of a process.
Explanations:
Granting access to all company data does not align with the principle of least privilege.
Expanding permissions with experience can lead to excessive privileges beyond job requirements.
Granting all privileges to all users increases security risks and violates least privilege.
Applying security requirements at all layers aligns with defense in depth, a core security principle.