Just-in-time access (JIT) explained

To better understand what JIT access is, it’s good to know that it’s part of the broader zero trust security policy. According to this policy, every user and device attempting to connect to the network must be verified. Only then can it get the necessary privileges. JIT goes a step further – even if a user is trusted, their access to privileged accounts should be temporary and strictly controlled.

Privileged accounts pose risks to organizations’ cybersecurity and often become targets of attacks. Hackers use various methods to access and abuse privileged accounts, such as phishing or simply stealing employee login credentials. Getting access allows them to roam networks, steal data, infect systems with malware, and cause serious problems that can lead to legal and reputational consequences.

This is where the importance of JIT comes from. JIT access means that users get access to critical systems and data only when they need it to do their jobs. After that, their access gets revoked. Doing so minimizes users’ access time to critical data and reduces the chance for attackers to abuse these privileges.

JIT access can be divided into types that differ in how users get additional permissions:

Justification-based access

This type of access assumes the existence of privileged accounts that are stored in the system and secured. The credentials for these accounts are secret, centrally managed, and regularly rotated to reduce the risk of theft.

When a user needs privileged access in a justification-based access system, they have to explain why. If their request is accepted, they get access to the privileged account, but only for a limited time.

Ephemeral accounts

This type of JIT access involves creating one-time accounts with a short lifespan. They are created when a user needs increased privileges for a certain task and deleted when they are no longer needed.

Ephemeral accounts are most often used to grant privileged access to guests and low-level users. Deleting them reduces the number of stray privileged accounts that may later become a security threat.

Privilege elevation

Privilege elevation (or temporary elevation) access involves granting more access rights to existing user accounts, rather than giving the user access to privileged accounts. If the user needs access to certain resources, their account gets the permissions, which are removed after a specified time.

Why implement just-in-time privileged access? There are several benefits, including:

• 

  Reducing attack opportunities. If no one has permanent access to critical parts of the infrastructure, it’s also difficult for attackers to abuse it. JIT access makes an organization’s most important resources better protected. It still lets employees use these resources when they need them, but limits access times and introduces strict control.
• 

  Safer third-party access. Granting access to a third-party user can be a risk, but is sometimes necessary. Visitors, contractors, freelance employees, or service providers may need increased privileges, and JIT access allows this in a safer way. Third parties can use either one-time accounts or temporary permissions, which will be removed when no longer needed.
• 

  Streamlining collaboration. The JIT system enables collaboration between employees who normally don’t have access to the same resources. In a JIT system, they can ask for temporary access to data, applications, and networks they need to collaborate on a task. This access is only for a limited time.
• 

  Enabling automated processes to operate. Some automated tasks require specific privileges, and managing them manually can become tedious. JIT access reduces the need for manual management. Accounts and permissions can have timeframes and expiration dates approved by the system administrators.

JIT access aims to increase security and improve the organization’s operations, but it also has certain drawbacks.

• 

  Need to transform systems. Implementing JIT security requires transforming the way the entire IT infrastructure works. Since everything is based on users and their access rights, system administrators need to review all existing accounts and their privileges and adjust them. This process can be complicated and take a lot of time, especially in large organizations.
• 

  Risk of misconfiguration. JIT access is also prone to errors. Inappropriate configuration can make JIT access a threat to the company, even though it was supposed to enhance its security. For example, overly long access timeframes and poor policies can increase the risk of data breaches and other threats. On the other hand, employees must be able to access resources when they need them to remain productive. JIT policies that are too restrictive can cause downtime for the company.

In a JIT system, regular access privileges are completely removed. Any user who wants to access certain resources must ask for permission, and once they perform their task, access is withdrawn.

A typical JIT workflow might look something like this:

• You need to do a task for which you need to access some data, so you send an access request.
• The request awaits approval. The approval process can be manual or automated.
• If the request is accepted, you’ll get the access you need. The extra rights can be added to your user account (privilege elevation) or you can get access to a separate privileged account.
• After you finish your task, your additional privileges will be revoked.

For organizations planning to implement JIT access, here are some useful practices to follow.

• Implement access control policies. Before starting with JIT, review all existing user accounts and decide what level of access they need for their daily duties. Give them only the minimum access to reduce the risk of privilege abuse as much as possible.
• Start with the most privileged accounts. It’s a good idea to start JIT implementation with the most privileged accounts, and only then move on to the less risky ones. The more privileges, the greater the chance that the account will cause damage to the organization. It’s a gap that should be addressed first.
• Monitor the new system. Monitoring helps make sure the JIT system is working. Access requests should be logged and audited. This increases transparency in the organization and helps spot any anomalies and threats.
• Secure the credentials. If you store privileged accounts, secure them. In a JIT system, credentials should be kept safe and regularly updated. Used passwords should be deleted. The privileged accounts’ credentials should remain unknown to the users.