The Principal’s Accounts Form a Single Trust Perimeter

Email, telecoms, devices, financial platforms and assistants share authority. Map them as one trust perimeter before the weakest transfers control.

The answer

A principal’s important accounts are not separate security problems. They are connected by recovery, notification, trusted devices, people and authority. The assessment must map transitive control across the whole system.

Providers see products. Attackers see paths.

The email provider sees an inbox. The mobile carrier sees a number. The device platform sees a trusted device. The bank sees a client account. The assistant sees a working relationship. The principal experiences them as one life. So does the attacker. Control of email can reset a platform. Control of telecoms can recover email. Control of a device account can restore messages and passwords. A convincing approach to an assistant can turn information into an exception. The weakest path can transfer authority across the rest.

Map authority, not importance

A rarely used account may carry more authority than a daily one because it can recover, approve or suppress notification elsewhere. The assessment should therefore map what each node can cause.

  • Authenticate — prove identity to another service.
  • Recover — bind a new credential or trusted device.
  • Approve — authorize a transaction, change or contact.
  • Observe — receive alerts, statements or private communications.
  • Suppress — remove evidence or prevent another person seeing it.
  • Delegate — give a person or application continuing access.

The highest-authority nodes are those that combine several of these powers.

The trust-perimeter review

  • List high-consequence accounts, devices, numbers, people and providers.
  • Record authenticators, recovery factors, trusted sessions and administrators.
  • Draw every path capable of transferring control.
  • Identify single points where one compromise grants several authorities.
  • Check whether notifications leave the compromised path.
  • Confirm that old numbers, devices, staff and providers have genuinely lost access.
  • Test one recovery and one emergency communication route.

The diagram should be understandable to the principal and actionable by the people operating the environment. A technical graph no one can use under pressure is not the final product.

Prioritize by consequence

Not every account needs identical protection. A useful priority combines reach and authority.

  • Tier one — can move value, disclose sensitive information, recover other tier-one accounts or impersonate the principal.
  • Tier two — can materially influence operations, relationships or reputation.
  • Tier three — contains useful context but limited direct authority.

Tiering should reduce noise. The office can then apply stronger recovery, monitoring, device and administrator controls to the few nodes whose failure transfers the most power.

The position

The principal does not have a collection of accounts. The principal has a distributed authority system operated by multiple companies and trusted people. Security improves when that system is finally treated as one perimeter.

Sources

  1. NIST — Digital Identity GuidelinesNIST

    Primary authority

  2. Swiss NCSC — Cyberthreat report 2025/2Swiss NCSC

    Primary authority

Jonathan P. De Collibus

Jonathan co-founded Svperior in 2014 and leads its cyber practice. His work sits where adversarial pressure, technical architecture, and consequential decisions meet, with experience across clinical, financial, public-sector, and private-client systems where confidentiality, continuity, and technical correctness carry material consequences.

Cyber strategy / Adversarial assessment / Security architecture / Private systems

Need to apply this to a specific situation?

Send us the initial context. If the matter fits, we will respond directly.

Send private inquiry