Privileged accounts have emerged as the primary target for attackers — if you examine some of the most spectacular breaches of the past few years, they all have a privileged connection. Once inside, they elevate privileges to gain access to additional servers, databases, and other high-value systems.

Make sure you are assigning the least amount of privileges to service accounts and accounts used in database connections, this will help you build your roadblock.