What is Just-In-Time Access?

Types of Just-In-Time Access

Temporary elevation

This is the simplest Just-In-Time method, which allows the administrator to temporarily elevate the privileges of users, and then revoke them when they expire.

Broker and remove access

This is where one or more privileged accounts are created, with the credentials being stored in a single vault. Administrators can grant/revoke access to these accounts at their will.

Zero standing privilege (ZSP)

This method involves the one-time use of accounts that are created on-the-fly for a specific purpose and deleted or disabled after use. Users are required to request access to these accounts, and they must specify the length of time they need access. Access will be automatically revoked after the specified period of time.

How to Implement Just-In-Time Access

To start with, a user (human or non-human) must request access to a resource. The request is then reviewed by an administrator, who will either grant or deny access if it meets the JIT policy requirements. It is also possible to automate the approval process in order to free-up resources.

Once access has been granted, the user is able to carry out the task for the requested period of time. After the task is complete, the user logs off and their access is immediately revoked.

The simplest way to implement Just-In-Time access would be to set up a standing privileged account that will be shared amongst users. The credentials for this account are centrally managed and regularly rotated.

As mentioned above, you will need to create policies in advance which specify how users are granted access, and how access is revoked.

You will also need to ensure that all access to privileged accounts is constantly monitored and recorded and that real-time alerts and automated responses are triggered when suspicious events take place.

Just-In-Time and Zero Trust

The traditional perimeter security paradigm is becoming less relevant as IT environments become more distributed. Employees are accessing company resources from a broader range of locations, and from a variety of different devices. As such, many organizations are shifting to a zero-trust security model, which stipulates that all users and devices must verify themselves as often as possible to access critical resources.

Just-In-Time access compliments the zero-trust model by ensuring that users have a legitimate need to access critical systems and data.

How Lepide Helps Implement and Maintain Just-In-Time Access

In order to establish policies that specify how and why users are granted access to critical resources, it helps if you first understand which resources users typically access. The Lepide Data Security Platform is a real-time auditing solution that uses machine learning techniques to establish a baseline of user behavior. Using this baseline, administrators are able to determine how access controls should be applied. This in turn will help them design their JIT policies more effectively.

If you’d like to see how the Lepide Data Security Platform can help you develop and maintain a Just-In-Time access strategy, schedule a demo with one of our engineers or start your free trial today.