Just-in-Time Administration for Enhanced Secure Access Management

While external cyberattacks and malware often dominate the headlines, the most significant security risk for many organizations stems from trusted insiders who have privileged access to critical data. According to the 2020 Insider Threat Report by Cybersecurity Insiders, 68% of organizations have observed a rise in insider threats and feel increasingly exposed to them.

The Risk of Persistent Privileges

A core tenet of data security is the principle of least privilege. This approach minimizes risk by granting only the necessary permissions for specific tasks. However, this principle is frequently undermined by standing privileges—permissions that remain active at all times, even when not required. These always-on privileges create a constant vulnerability.

Standing privileges are widespread. Many organizations mistakenly assign privileged accounts to all administrators, assuming unrestricted access is essential for their roles. These accounts typically provide access to more systems than needed and are continuously available. This directly contradicts the least privilege principle.

As long as these accounts and their associated privileges exist, the security threat persists.

Understanding Just-in-Time Permissions

The just-in-time (JIT) permissions model limits the privilege exposure window to only when elevated access is actively required. This contrasts with the continuous exposure created by always-on privileges.

When a user needs elevated access to perform a task, they submit a request outlining the task and the resources needed. If the request is approved, the user is assigned a short-lived identity that carries only the minimal set of permissions required to complete the task. Once the task is finished, this temporary identity is either deactivated or removed from the system.

However, not all JIT implementations effectively reduce risk. Some solutions generate accounts on demand but fail to deactivate them afterward, leaving permissions intact. This is a common shortcoming in some privileged access management (PAM) tools and password vaults.

If privileged accounts remain active, the risks associated with standing privileges continue to exist.

Why JIT Permissions Matter for Your Organization

Properly implemented JIT permissions offer several key advantages:

  • Enhanced cybersecurity: JIT access significantly lowers the chances of credentials being stolen and used to infiltrate sensitive systems. It also reduces the risk of misuse—whether intentional or accidental—by account holders.
  • Streamlined administration: JIT access allows administrators to quickly obtain the permissions they need without the overhead of managing permanent accounts, such as regular password updates.
  • Regulatory compliance: Enforcing least privilege and controlling privileged accounts are essential for meeting compliance standards. Auditors closely examine these areas, and non-compliance can result in hefty penalties. Removing standing privileged accounts helps avoid audit issues.

Different Models of JIT Administration

There are several strategies for implementing JIT permissions. Choose the one that aligns best with your organization’s security posture, risk tolerance, and operational needs. Also, consider the effort required to transition from your current setup.

  • Time-bound privilege escalation: A user’s standard account is temporarily granted elevated permissions for a defined duration. Once the time limit is reached, the additional access is automatically withdrawn.
  • Access brokering and revocation: A limited number of privileged accounts are maintained, with their credentials securely stored in a central vault. Users must submit a justification to access these accounts for specific systems and timeframes.
  • Zero standing privilege (ZSP): No privileged accounts are kept active by default. Instead, temporary accounts are created or activated based on specific needs and are promptly disabled or deleted after use. Access is granted only upon request and only for the duration necessary to complete a defined task involving elevated permissions.
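
The request, approval, short-lived grant and revocation cycle described under "Understanding Just-in-Time Permissions", together with the time-bound escalation model above, can be sketched in a few dozen lines. The following Python broker is an added illustration written for this article; it is not Netwrix code and not code from the original page. The class and function names (JitBroker, Grant, walkthrough), the users, resources, ticket reference and timestamps are all constructed for the example. Its one design point worth noting is that expiry is enforced on every authorization check, so a grant that nobody remembered to revoke still stops working on time, which is exactly the failure mode the article warns about in on-demand accounts that are never deactivated.

```python
"""Minimal just-in-time (JIT) grant broker. Added example, not Netwrix code."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, List, Optional
import uuid


def _now() -> datetime:
    return datetime.now(timezone.utc)


@dataclass
class Grant:
    """One approved, time-bound elevation for one user on one resource."""
    grant_id: str
    user: str
    resource: str
    permissions: FrozenSet[str]
    justification: str
    approver: str
    granted_at: datetime
    expires_at: datetime
    revoked_at: Optional[datetime] = None
    revoke_reason: Optional[str] = None


class JitBroker:
    """Issues short-lived grants and enforces expiry on every authorization check."""

    def __init__(self, max_ttl: timedelta = timedelta(hours=1)) -> None:
        self.max_ttl = max_ttl                 # hard cap on any single elevation
        self.grants: Dict[str, Grant] = {}
        self.audit: List[dict] = []            # append-only record of every decision

    def _log(self, event: str, at: datetime, **fields) -> None:
        self.audit.append({"event": event, "at": at.isoformat(), **fields})

    def request(self, user, resource, permissions, justification, approver, ttl, now=None):
        """Approval policy (constructed for the example): justification required,
        approver may not be the requester, lifetime is capped at max_ttl."""
        now = now or _now()
        if not justification.strip():
            self._log("denied", now, user=user, resource=resource, reason="missing justification")
            return None
        if approver == user:
            self._log("denied", now, user=user, resource=resource, reason="self-approval")
            return None
        ttl = min(ttl, self.max_ttl)
        grant = Grant(grant_id=uuid.uuid4().hex, user=user, resource=resource,
                      permissions=frozenset(permissions), justification=justification,
                      approver=approver, granted_at=now, expires_at=now + ttl)
        self.grants[grant.grant_id] = grant
        self._log("approved", now, grant_id=grant.grant_id, user=user, resource=resource,
                  approver=approver, permissions=sorted(grant.permissions),
                  expires_at=grant.expires_at.isoformat())
        return grant

    def authorize(self, grant_id, resource, permission, now=None) -> bool:
        """Return True only while the grant is live and covers this exact action."""
        now = now or _now()
        grant = self.grants.get(grant_id)
        if grant is None or grant.revoked_at is not None:
            return False
        if now >= grant.expires_at:
            # Expiry is enforced at use time, not by a separate cleanup job.
            self.revoke(grant_id, "expired", now=now)
            return False
        return grant.resource == resource and permission in grant.permissions

    def revoke(self, grant_id, reason, now=None) -> bool:
        now = now or _now()
        grant = self.grants.get(grant_id)
        if grant is None or grant.revoked_at is not None:
            return False
        grant.revoked_at, grant.revoke_reason = now, reason
        self._log("revoked", now, grant_id=grant_id, user=grant.user, reason=reason)
        return True

    def active_grants(self, now=None) -> List[Grant]:
        now = now or _now()
        return [g for g in self.grants.values() if g.revoked_at is None and now < g.expires_at]


def walkthrough() -> dict:
    """Constructed scenario with fixed timestamps so the outcome is deterministic."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    broker = JitBroker(max_ttl=timedelta(minutes=30))
    alice = broker.request("alice", "db-prod", {"backup"}, "INC-1234 restore test (constructed)",
                           "bob", timedelta(minutes=30), now=t0)
    carol = broker.request("carol", "fileserver", {"read"}, "audit export (constructed)",
                           "bob", timedelta(hours=5), now=t0)      # clamped to 30 minutes
    rejected = broker.request("dave", "db-prod", {"backup"}, "urgent", "dave",
                              timedelta(minutes=5), now=t0)         # self-approval
    mid = t0 + timedelta(minutes=10)
    results = {
        "self_approval_denied": rejected is None,
        "ttl_capped": carol.expires_at == t0 + timedelta(minutes=30),
        "in_scope_allowed": broker.authorize(alice.grant_id, "db-prod", "backup", now=mid),
        "extra_permission_blocked": not broker.authorize(alice.grant_id, "db-prod", "drop", now=mid),
        "other_resource_blocked": not broker.authorize(alice.grant_id, "db-dev", "backup", now=mid),
        "active_during_task": len(broker.active_grants(now=mid)),
    }
    broker.revoke(alice.grant_id, "task complete", now=t0 + timedelta(minutes=20))   # task done
    results["blocked_after_revoke"] = not broker.authorize(
        alice.grant_id, "db-prod", "backup", now=t0 + timedelta(minutes=21))
    late = t0 + timedelta(minutes=31)
    # Carol never revoked her grant; the first use after expiry still fails and is logged.
    results["forgotten_grant_expired"] = not broker.authorize(carol.grant_id, "fileserver", "read", now=late)
    results["active_after_expiry"] = len(broker.active_grants(now=late))
    results["audit_events"] = [e["event"] for e in broker.audit]
    return results


if __name__ == "__main__":
    print(walkthrough())
```

The audit list records every approval, denial and revocation with its reason, which is the evidence an auditor asks for when checking that elevated access was both justified and withdrawn. A real deployment would back `grants` and `audit` with durable storage and bind each grant to a separately issued credential; the in-memory version keeps the control flow visible.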

Advantages of the Zero Trust Approach

As part of a comprehensive risk management and data protection strategy, organizations should aim to eliminate standing privileges. Transitioning from persistent access to JIT permissions ensures that sensitive systems and data are only reachable when there is a clearly defined and approved need.

A well-designed ZSP framework supports several foundational Zero Trust principles, such as:

  • Separation of responsibilities: No individual user or device should possess unrestricted access to the entire IT infrastructure.
  • Minimal access rights: Users and devices are granted access solely to the resources essential for their roles.
  • Micro-segmentation: The IT environment is divided into isolated zones, each requiring separate authorization to access.
  • On-demand privilege elevation: Elevated access is granted only when necessary and strictly for the time required to complete the task.
  • Comprehensive auditing: Every request for elevated access is logged, including whether it was approved and when it was revoked.

How Netwrix Supports JIT Access

With Netwrix Privilege Secure and Netwrix Password Secure, organizations can eliminate the need for permanent privileged accounts. These tools enable administrators to receive only the specific permissions required for a given task, and only for the duration of that task. This approach removes the risk of privileged accounts being exploited by attackers or misused by insiders—either accidentally or intentionally.
