Just-in-time (JIT) privileged access is a method that allows organisations to reduce the attack surface, providing system and application users with only the necessary permissions to perform their tasks. This article was first published by senhasegura.com.
JIT privileged access is an extremely effective solution, since more than 80% of the vulnerabilities reported by Microsoft in recent years could have been mitigated by removing administrator permissions from users, and more than 80% of all vulnerabilities published by Microsoft would have been eliminated by removing local administrator permissions.
However, many companies neglect the necessary measures to prevent attacks and data leaks and do not follow the least privilege policy, which plays an essential role when it comes to cybersecurity.
One of the main risks, in this sense, is associated with permanent privileges, which exist when a privileged user account keeps its privileged access active 100% of the time.
In other words, these permissions remain ready to be used 24 hours a day, either for legitimate activities or for illicit purposes.
To solve this problem, it is recommended to adopt just-in-time privileged access, which grants users limited privileges only when necessary and for the shortest time necessary.
With this, one can reduce the active privilege status of an account from many hours to a few minutes and, consequently, the risks related to this privileged access.
Why Is Just-In-Time Privileged Access Important for Businesses?
Just-in-time privileged access is essential to ensure the cybersecurity of organizations, as it makes it possible to reduce the risks associated with privilege abuse and the increase of the attack surface.
Moreover, it helps to optimize the administrator's experience and makes it possible to maintain the workflow without interrupting it for review cycles, which usually require a lot of waiting time.
What’s more: by reducing the number of users and privileged sessions, just-in-time privileged access improves compliance with security standards and simplifies the audit of activities carried out in the IT environment.
How Does It Work?
First of all, the user must make an access request in order to perform a privileged or simple action, if this type of privilege is provided by the implemented model.
At this point, it will be necessary to justify the requested access and define how long they need this access, a definition that can also be established by the administrator. Then they need to wait for access approval.
With this approval, the user will receive their credentials with an expiration date and will be informed about the actions they can take during this period.
After the access time, the administrator will be able to block or delete the credentials, and if the action has not been completed, the user will have to make another request to proceed.
It is important to note that blocking or deleting the credential does not remove the need to keep access logs to ensure control and security of operations. Note also that even if the user remembers the credential, it will no longer grant access, because its term has expired.
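The request, approval, expiry and revocation flow described above, sketched as an added example (not senhasegura's code). The names `JITBroker` and `MAX_TTL` are hypothetical, and the current time is passed in explicitly as `now` (seconds) so the behaviour is reproducible.

```python
import secrets
from dataclasses import dataclass, field

MAX_TTL = 3600  # assumed administrator-defined ceiling, in seconds


@dataclass
class JITBroker:
    grants: dict = field(default_factory=dict)  # token -> (user, action, expires_at)
    audit: list = field(default_factory=list)   # append-only; outlives the credentials

    def _log(self, now, event, user, detail):
        self.audit.append((now, event, user, detail))

    def request(self, user, action, justification, ttl, now):
        """The user asks for access, justifies it and states how long it is needed."""
        if not justification.strip():
            self._log(now, "request_rejected", user, "missing justification")
            raise ValueError("justification required")
        ttl = min(ttl, MAX_TTL)  # the administrator can cap the requested duration
        self._log(now, "requested", user, f"{action} for {ttl}s: {justification}")
        return {"user": user, "action": action, "ttl": ttl}

    def approve(self, req, approver, now):
        """Approval issues a credential that carries an expiration time."""
        token = secrets.token_urlsafe(32)
        self.grants[token] = (req["user"], req["action"], now + req["ttl"])
        self._log(now, "approved", req["user"], f"{req['action']} by {approver}")
        return token

    def authorize(self, token, action, now):
        """Each use is checked against the grant's scope and expiry, and logged."""
        grant = self.grants.get(token)
        ok = grant is not None and grant[1] == action and now < grant[2]
        user = grant[0] if grant else "unknown"
        self._log(now, "allowed" if ok else "denied", user, action)
        return ok

    def expire(self, now):
        """Delete credentials past their term; the audit records are kept."""
        for token, (user, action, expires_at) in list(self.grants.items()):
            if now >= expires_at:
                del self.grants[token]
                self._log(now, "revoked", user, action)
```

Because `authorize` compares `now` with the stored expiry on every call, a remembered token stops working at its deadline even before `expire` has removed it.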
Types of Just-In-Time Access
There are three types of just-in-time access. They are:
Broker and Access Removal Approach
This type of just-in-time access makes it possible to create guidelines to require users to justify their need for privileged access and specify how long this access will be necessary.
In general, the credentials of these accounts are kept in a central vault and users use a privileged and permanent shared account.
In the ephemeral account type, accounts are temporary, created to be used only once based on the principle of zero privilege.
This means that when the action is completed, access is removed. For this reason, these accounts are described as unique.
In the temporary elevation type, privileges are raised so that users can access privileged accounts or execute privileged commands for a limited time. When this deadline expires, access is removed.
About the Implementation
To ensure the implementation of just-in-time access in your company, you should follow some steps, such as:
Maintaining a privileged and permanent shared account, managing credentials centrally, so that they are rotated regularly;
Creating guidelines that ensure human users and machines provide a justification for connecting to target systems and applications for a limited time;
Recording and auditing privileged actions in ephemeral accounts and receiving alerts about unexpected behaviors;
Using the temporary elevation of privileges, ensuring that users can access privileged accounts or execute privileged commands for specific actions.
Just-in-time access, used to ensure the least privilege policy, is essential for Zero Trust. This model ensures organizations check who or what is trying to connect to the IT structure before allowing access, ensuring the security of sensitive data.
Just-In-Time Privileged Access and PAM: What Is the Relationship?
Ensuring just-in-time privileged access is a concern that increases the workload of system administrators because of the large number of access revocations and credential blocks involved, which can lead to frequent errors.
Therefore, an efficient way to apply this solution in your company is by automating this process through PAM (Privileged Access Management), which allows you to control privileged access to critical information.
PAM is an important tool that limits privileged access by reducing the attack surface and providing more cybersecurity for organizations of all sizes and industries.
With it, one can adopt just-in-time privileged access, control access requests, and audit the actions taken. In practice, this tool allows establishing the level of privilege of each credential, providing users only the access they need to perform their tasks.
We can also highlight some of the benefits of adhering to this solution:
Delivery of ephemeral credentials securely;
Revocation of these credentials after the defined deadline; and
Creation of accesses and provisioning of automated privileges.
By using a PAM solution, your company can reduce the number of credentials, create provisioning for a given period, and record the access logs and recordings of the sessions performed using credentials.
Just-in-time is based on a management philosophy applied in Toyota factories until the 1970s. This methodology was introduced by Taiichi Ohno in order to meet customer needs while minimizing waste.
In this sense, just-in-time manufacturing presents the following proposals:
Kanbans, which interrupt processes that are not working;
Jidoka, which provides autonomy for machines to perform tasks, making employees more productive; and
Leveled production, which optimizes the flow of products through the industry.
Implementing this business practice requires teams to focus on the process, eliminating unnecessary actions and seeking to solve a specific problem in the best possible way.
More recently, information security was inspired by this model to create just-in-time privileged access, aimed at eliminating unnecessary access.
This form of protection for data and critical resources makes it possible to provide access for a specific purpose for a given time, elevating privileges only in the contexts in which they are needed.
However, for this model to be secure and easy to use, it is essential to provide an audit trail of the actions performed.
When it comes to information security, we at senhasegura are a reference. After all, we efficiently perform the job of ensuring digital sovereignty over the privileged actions and data of the organizations that hire us in more than 50 countries.
In this way, we avoid data theft and track the actions of administrators on networks, servers, databases, and devices in general.
We also provide compliance with audit requirements and the highest standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.
senhasegura offers Privileged Access Management (PAM) as one of its main solutions, which gives corporations control over access to sensitive data.
The great efficiency of senhasegura PAM is justified by the possibility of combining security strategies and technologies that offer the user only the indispensable access to perform their functions within a certain period.
Through senhasegura PAM, one can reduce the most diverse cybersecurity risks within an organization, as this tool reduces insider and external threats.
Using this tool, you can rest assured your company will be protected from intentional or accidental damage, interruption of operations, loss of credibility, and incalculable losses.