Reading Time: 2 minutes

Diffent products are implementing a security model called “four-eyes principle” (also know as the two-person rule). For example Veeam Backup & Replication (starting with v12) has the Four-Eyes Authorization feature to protect some crucial operations.

But what is the four-eyes (4-eyes) principle and how does it work? First to all is nothing related to software or security but instead a way to minimize the human errors and can be appliable also to non IT activities.

The four-eyes principle means that a certain crucial and critical activity (prone to human errors) must be approved by at least two people. This controlling mechanism is used to facilitate delegation of authority and increase transparency but also minimize errors or (in security) attack.

Nothing new, we have seen this principle several times in TV series and movies:  is the manner in which missile launching crews are organized. Two keys for two different people (in all movies), two separate consoles in the real world…

Or to be less drammatic, in airplane pilot organization with at least two pilots (hoping that they eat diffent things, if you remember a famous movie):

In IT you don’t need both people at the same time to do the operation: usually the first automaticall requires the approval of another admin/operator and the notification will be send in different way (e-mail, client notification, …). And there is a limited amount of time (usually some hours or days) to confirm the operation.

But also this model can be attacked. If an administrator can create another administrator account… that’s it! One guy can have two users and confirm his operation byself.

For this reason, is needed a strict roles separation, at least on who manage users and account and who can manage the different critical operations!