39: What is Just in Time access and Zero Standing Privileges?
Takeaway Points:
Just-in-Time (JIT) access is a modern approach to access management.
The idea is that access to a resource is granted only when it is explicitly needed, and only for the specific duration required.
That "time" aspect can be explicit, with access given for 10 minutes, or more contextual. For example, access can be linked to a service ticket and granted until the ticket is closed.
Key aspects of JIT access:
Principle: It allows identities to request access only when needed and only for as long as needed.
Goal: It is critical for minimizing the identity attack surface and enforcing a least-privilege principle.
Context: It is part of a strategic shift toward an Identity-Native, API-first model to secure high-risk systems, modern production infrastructure and modern privileged access management (PAM) systems.
This concept is often paired with Zero Standing Privileges (ZSP).
ZSP means that accounts hold no permanent access rights: no standing provisioning exists.
Key aspects of ZSP:
Core Principle: It means that a user, machine, or service has no permanent access permissions to a resource.
Mechanism: When access is needed, it is dynamically granted using a “Just-in-Time” (JIT) approach, which provides access only for the specific task and time required.
Benefit: The implementation of ZSP holds promise to reduce risk by significantly minimizing the identity attack surface. In essence, adversaries cannot exploit standing privileges if those privileges do not exist in a permanent state.
How to implement? This depends on whether existing or new accounts and permissions are under analysis.
Essentially, some key steps need to be considered:
create an inventory of accounts and permissions
identify and analyse risk
automatically remove unused access
provide access request functions for gaining access via policy
manage approvals and remove access after use
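The following is an added example, not code from the original post or from any product it mentions. It models the two grant styles described above (an explicit time-bound grant and a contextual, ticket-linked grant) and the implementation steps just listed: an inventory sweep that flags stale standing access, a request path gated by policy, a separate approver, and automatic revocation once the window closes or the ticket is resolved. All identities, resource names, ticket ids, sample bindings and the 90-day "unused" threshold are constructed for illustration.

```python
# Added example, not code from the original post: an in-memory JIT access broker
# with zero standing privileges. Names, ticket ids, bindings and the 90-day threshold are constructed.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

UNUSED_AFTER = timedelta(days=90)  # assumed threshold for stale standing access


def find_stale_standing_access(inventory, now):
    # Steps 1-3: from the inventory of permanent bindings, return those never
    # used or unused for longer than UNUSED_AFTER; these are removal candidates.
    return [(b["identity"], b["resource"]) for b in inventory
            if b.get("last_used") is None or now - b["last_used"] > UNUSED_AFTER]


@dataclass
class Grant:
    identity: str
    resource: str
    expires_at: Optional[datetime] = None  # explicit time-bound grant
    ticket: Optional[str] = None           # contextual grant: valid while ticket is open
    approved: bool = False


class JitBroker:
    def __init__(self, request_policy):
        # request_policy: resource -> identities allowed to *request* (not hold) access
        self.request_policy = request_policy
        self.grants = []
        self.open_tickets = set()
        self.audit = []  # (time, event, identity, resource) for later review

    def open_ticket(self, ticket):
        self.open_tickets.add(ticket)

    def close_ticket(self, ticket, now):
        self.open_tickets.discard(ticket)
        self.sweep(now)  # grants tied to this ticket are revoked immediately

    def request(self, identity, resource, now, minutes=None, ticket=None):
        # Step 4: access is requested through policy, never held permanently
        if identity not in self.request_policy.get(resource, set()):
            raise PermissionError(f"{identity} may not request {resource}")
        if (minutes is None) == (ticket is None):
            raise ValueError("specify exactly one of minutes or ticket")
        if ticket is not None and ticket not in self.open_tickets:
            raise ValueError(f"ticket {ticket} is not open")
        expires = now + timedelta(minutes=minutes) if minutes is not None else None
        grant = Grant(identity, resource, expires, ticket)
        self.grants.append(grant)
        self.audit.append((now, "requested", identity, resource))
        return grant

    def approve(self, grant, approver, now):
        # Step 5: a separate approver; self-approval would recreate standing access
        if approver == grant.identity:
            raise PermissionError("self-approval is not allowed")
        grant.approved = True
        self.audit.append((now, f"approved by {approver}", grant.identity, grant.resource))

    def _active(self, grant, now):
        if grant.expires_at is not None:
            return now < grant.expires_at
        return grant.ticket in self.open_tickets

    def has_access(self, identity, resource, now):
        return any(g.identity == identity and g.resource == resource
                   and g.approved and self._active(g, now) for g in self.grants)

    def sweep(self, now):
        # Step 5: remove grants that expired or whose ticket was closed
        revoked = [g for g in self.grants if not self._active(g, now)]
        self.grants = [g for g in self.grants if self._active(g, now)]
        for g in revoked:
            self.audit.append((now, "revoked", g.identity, g.resource))
        return revoked


def demo():
    t0 = datetime(2024, 1, 1, 9, 0)
    inventory = [  # constructed standing bindings, as produced by step 1
        {"identity": "svc-backup", "resource": "prod-db", "last_used": None},
        {"identity": "alice", "resource": "prod-ssh", "last_used": t0 - timedelta(days=3)},
        {"identity": "bob", "resource": "prod-db", "last_used": t0 - timedelta(days=120)}]
    r = {"stale": find_stale_standing_access(inventory, t0)}
    broker = JitBroker({"prod-db": {"alice"}, "prod-ssh": {"alice", "bob"}})
    g1 = broker.request("alice", "prod-db", t0, minutes=10)  # explicit 10-minute grant
    r["before_approval"] = broker.has_access("alice", "prod-db", t0)
    broker.approve(g1, "carol", t0)
    r["during_window"] = broker.has_access("alice", "prod-db", t0 + timedelta(minutes=5))
    r["after_window"] = broker.has_access("alice", "prod-db", t0 + timedelta(minutes=11))
    broker.open_ticket("INC-1234")  # contextual grant, valid until the ticket closes
    g2 = broker.request("bob", "prod-ssh", t0, ticket="INC-1234")
    broker.approve(g2, "carol", t0)
    r["ticket_open"] = broker.has_access("bob", "prod-ssh", t0 + timedelta(hours=3))
    broker.close_ticket("INC-1234", t0 + timedelta(hours=4))
    r["ticket_closed"] = broker.has_access("bob", "prod-ssh", t0 + timedelta(hours=4))
    return r
```

Running `demo()` shows the two properties the post is after: the broker never answers "yes" for an identity that merely appears in the request policy, only for one holding an approved grant whose window or ticket is still open, and the `sweep` pass plus the audit list give the "removal post usage" step something to act on and review. The stale-binding sweep is the piece to run first against an existing estate, since those permanent bindings are exactly the standing privileges ZSP sets out to eliminate.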