A Startup where Nobody has Root

If I were to start a startup today I would aspire to ensure nobody in the organization has root on anything. This is my information security dream. This might sound crazy to people, but let me explain.

By “having root” I mean having administrator privileges. This might mean the ability to take actions as the root user using sudo.

How would this work in practice?

On the server side, using Google App Engine or Heroku you can avoid needing root access both on the server and in your development environment.

On the client side, the best way I can think of avoiding this is giving everybody Chromebooks. The hardest part of this plan would likely be convincing developers to switch away from using MacBook Pros. This is not something I attempt to cover in this post. The developer workflow would involve using Termux, SSHing into machines, or using a web-based IDE like cloud 9.

This wouldn’t prevent all possible attacks on the organization, but it would prevent things like keyloggers and persistent malware. It would also significantly hinder an attacker’s lateral movement.

Once everything in the company is root-less, this post about hardening your Google apps goes further into preventing attacks in a cloud-only environment.