Every company has sensitive data and customer information to protect, so data access management should be a top priority for every organization. Which employees and which software can access, edit, or manage the data is a crucial security decision.
To reduce data-management-related risks, just-in-time privileged access management is becoming a popular solution.
What is Just-in-time Privileged Access (JIT PAM)?
Just-in-time privileged access management is a strategy that aligns real-time requests for usage of privileged accounts directly with entitlements, workflow, and appropriate access policies.
Just-in-time privileged access has two main advantages. First, it makes it possible to limit how long access to critical systems and special privileges is granted. Second, it allows accounts and access to be eliminated during idle times, so that no so-called standing privileged access remains. With these features, it is possible to grant users just the permissions and access necessary for performing the given task.
Utilizing a least-privilege management approach helps organizations minimize unnecessary risks coming from privilege escalation and broad-based privileges for administrative purposes.
A practice that is still widely used, although not recommended, is to grant privileges ahead of time so that some potentially useful tasks can be executed later. This approach extends the attack surface.
Standing access means 24×7 permanent access to certain privileges and systems, even though the user might need access for only a couple of hours per week. Standing access therefore gives a wider window for cyber-attacks.
Following the JIT PAM principle means that privileged users are given only time-limited access to carry out the required job. With the help of this limitation, cyber criminals can't access the organization's systems and move across its systems and networks.
How to Implement Just-in-Time in Privileged Access Management?
We should think beyond the basic privileged access management approach that focuses only on vaults and session management.
First, privileged users and accounts authenticate through the PAM software to receive credentials, after which the PAM software monitors and logs the sessions. These practices should be complemented with a zero-standing-privilege approach to maximize security.
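The request flow above, combined with zero standing privilege, can be modeled as a small broker that checks entitlement, issues a time-boxed grant, logs the decision, and revokes on expiry. This is an added illustration, not code from XTAM or any PAM product; the `POLICY` table, role and privilege names, and the `JitBroker` class are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical policy (assumption): role -> {privilege: maximum grant duration}.
POLICY = {
    "dba": {"db-admin": timedelta(hours=2)},
    "sre": {"root-ssh": timedelta(hours=1)},
}

@dataclass
class Grant:
    user: str
    privilege: str
    expires_at: datetime

@dataclass
class JitBroker:
    roles: dict                                  # user -> role (constructed sample data)
    grants: list = field(default_factory=list)   # currently issued grants
    audit: list = field(default_factory=list)    # (time, user, privilege, decision)

    def request(self, user, privilege, duration, now):
        """Issue a time-boxed grant only if policy entitles the user's role."""
        limit = POLICY.get(self.roles.get(user), {}).get(privilege)
        if limit is None:
            self.audit.append((now, user, privilege, "DENIED"))
            return None
        # Clamp the requested window to the policy maximum.
        grant = Grant(user, privilege, now + min(duration, limit))
        self.grants.append(grant)
        self.audit.append((now, user, privilege, "GRANTED"))
        return grant

    def is_allowed(self, user, privilege, now):
        """Check at use time: an expired grant is treated as no grant."""
        return any(g.user == user and g.privilege == privilege
                   and now < g.expires_at for g in self.grants)

    def sweep(self, now):
        """Revoke expired grants so no standing privilege remains; return count."""
        expired = [g for g in self.grants if now >= g.expires_at]
        self.grants = [g for g in self.grants if now < g.expires_at]
        for g in expired:
            self.audit.append((now, g.user, g.privilege, "REVOKED"))
        return len(expired)
```

Expiry is enforced twice on purpose: `is_allowed` rejects an expired grant even if `sweep` has not yet run, so a delayed cleanup job does not turn into standing access.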
Based on the continuous spread of JIT PAM software, Gartner predicts that by 2022, 40% of privileged access activity will utilize the JIT privileged access management approach.
When choosing PAM software, scalability should be considered in addition to the organization's current needs.
At Xton, we built a modern PAM solution based on the least-privilege principle. In addition to the core PAM functionality, XTAM includes a number of workflow and job management features that support the JIT access model:
- Continuous Discovery of Privileged Accounts
- Enforce Role-Based Policy Management
- Ability to Provide Temporary Elevated Privileges
- Monitor, Record, and Report on Each Privileged Session
Using Xton Access Manager while incorporating a just-in-time privileged access management strategy will minimize the number of privileged accounts and provide better control of active privileged accounts. As a result, the right people and processes will be able to perform the required tasks on strategically significant computers with the minimum possible permission levels, reducing possible cyber-attack risks.