Although external cybersecurity attacks and malware make for sensational headlines, the biggest security threat most organizations face comes from trusted insiders with privileged access to sensitive data. Cybersecurity Insider’s 2020 Insider Threat Report reveals that 68% of organizations report that insider attacks are becoming more frequent and that they feel vulnerable to them.
The security challenge of standing privileges
One of the basic principles of data security is providing least privileged access, which reduces your risk surface by only allowing specific privileges for specific purposes. However, this principle is easily violated by standing privileges — account privileges that are always available, even when not needed — which provide a perpetually available attack surface.
Use of accounts with standing privileges is very common; in particular, many organizations issue privileged accounts to all administrators in the mistaken belief that they need unrestricted access to effectively do their jobs. These accounts often include access to more systems than necessary and are always available for use, which violates the principle of least privilege.
As long as the accounts — and, by extension, the privileges — exist, the security risk remains.
What are just-in-time permissions?
A just-in-time (JIT) permissions model reduces the privilege attack surface to only the times when privileges are actively being used, as opposed to the 24/7 attack surface of always-on privileges.
When a user needs to complete an activity that requires elevated permissions, they complete a request describing what the task is and the resources they need to do it. If the request is approved, they are provisioned with a temporary identity with just enough privilege (JEP) to complete the task. Once the task is completed, the identity is disabled or deleted.
However, it’s important to know that not all JIT access solutions actually reduce the attack surface area. Some vendors create accounts that are provided to users upon request, but the accounts remain active after use, with all of their permissions intact, instead of being disabled or deleted. This is often true of privileged access management (PAM) tools and password vaults.
As long as privileged accounts exist, all of the risks of standing privileges remain in your system.
Why are just-in-time permissions important for your organization?
Securely implemented JIT permissions offer multiple benefits:
- Stronger cybersecurity. JIT permissions significantly reduce the risk of access credentials being stolen by attackers and used to access sensitive data or move laterally through your IT ecosystem. It also reduces the risk of credential misuse, either malicious or negligent, by account owners.
- Simplified administration. Implementing JIT privileged account management empowers admins to access the resources they need quickly while eliminating all the management tasks associated with standing accounts, such as frequent password changes.
- Compliance. Implementing the least privilege principle and establishing control over privileged accounts are requirements of all major compliance regulations. Auditors pay special attention to these areas, and gaps can lead to steep fines. Eliminating standing privileged accounts helps you avoid audit findings.
Approaches to just-in-time administration permissions
There are several different approaches to JIT permissions. Look for the one that best balances your organization’s security, risk, and operational objectives, and also consider the effort it will take to change your current procedures.
- Temporary elevation. A user’s own account is granted extra permissions for a limited amount of time. When the time is up, the additional access is revoked
- Broker and remove access. One or more standing privileged accounts are created and their credentials are stored in a central vault. Users must provide a justification when requesting to use one of the accounts to access specific systems for a specific amount of time.
- Zero standing privilege (ZSP). There are no standing privileged accounts. Instead, temporary privileged accounts are enabled or created based on specific needs and destroyed or disabled after use. Privileged access must be requested for the time required to complete a particular task that requires elevated permissions for a specific system, database, or application. If the request is approved, access is granted. Once the task is completed, the access is revoked.
Benefits of Zero Trust framework
As part of your organization’s ongoing risk management and data security strategy, you should work toward a goal of zero standing privileges. Eliminating “always-on” privileged access in favor of JIT permissions help ensure that systems and data are accessible only when there is a valid reason to do so.
A quality ZSP solution can help your company implement multiple Zero Trust best practices, including the following:
- Segregation of duties: No user or device should have full access to all IT sources.
- Least privileged access: Users and devices can access only the resources they need.
- Micro-segmentation: The IT environment should be split into different security zones that require separate authorization.
- Just in time access: Users and devices gain elevated access only when required and only for as long as required.
- Auditing and tracking: A log is maintained of every request for elevated access, whether that access was granted, and when it was revoked.
How Netwrix can help
Netwrix privileged access management (PAM) software replaces standing privileged accounts with just-in-time privileged access: Admins are granted just enough privilege for the task at hand, for only as long as required to complete that task. As a result, there are no highly privileged accounts for hackers to compromise or for account owners to accidentally or deliberately misuse.
Netwrix PAM solutions can help your organization:
- Reduce privileged access security risks — When an admin needs elevated rights to perform a particular task, you can either create an ephemeral account with the necessary permissions or temporarily elevate the permissions for the user’s existing account. In either case, the elevated access disappears immediately once the task is complete.
- Further secure privileged access — Validate identities in accordance with Zero Trust principles by enforcing contextual multifactor authentication (MFA) for each privileged session using granular policies tailored to specific actions and resources.
- Spot improper privileged activity — Closely monitor all privileged account activity and be alerted immediately about suspicious behavior.
- Minimize your attack surface with automatic cleanup — Mitigate the risk of Pass-the-Hash, Golden Ticket and related attacks with automatic purging of Kerberos tickets after each privileged session.
- Regain control over access rights — Know exactly who has access to critical systems so you can reduce access to the absolute minimum as required to enforce the least-privilege principle.
- Maximize productivity with software integration — Leverage previous investments by integrating Netwrix solutions with your existing tools, such as LAPS, your vault or your SIEM.
Frequently Asked Questions
1. What is JIT security?
Just-in-time security involves granting a user access to a specific system or database for a limited amount of time. It dramatically reduces the cybersecurity risks posed by “always-on” privileged accounts by limiting access to sensitive resources.
2. What is just-in-time privileged access?
Just-in-time privileged access is a data security method that allows users for a valid, specific need for a limited amount of time. It’s a more secure alternative to standing privileged access, which allows broad privileged access that’s always available.
3. How does zero standing privilege differ from a password vault?
A password vault is one approach to providing JIT privileged access — users must specifically request the credentials to a privileged account in order to perform a particular task that requires elevated access. However, privileged accounts exist even when they are not being used, which puts the organization at risk. Zero standing privilege does away with privileged accounts; instead, when a user needs elevated access, they are provisioned with a temporary account with just enough privilege, and that account is deleted afterward — which makes it a far more secure approach to privileged access management.
