4 min read time

Understanding Just In Time Access: The Basics of Privileged Access Management

by   in Cybersecurity

I think we can all agree that giving too much or too little access to other users, things, or applications can lead to more problems such as inefficiencies or compromise the integrity of your data. Resolving these issues is easier said than done. For many organizations, managing access and privileges can be very complicated for several reasons, such as the number of users or the complexity of their systems. This is where Privilege Access Management (PAM) comes in to help you manage your privileged identities and access.  

There have been several incidents where privileged access has been mismanaged and resulted in security and data breaches. For example, back in 2017 Equifax had a data breach where the personal data of over 143 million customers was stolen due to the company’s failure to patch up the known vulnerability within their systems. Implementing proper access controls could have helped prevent this, and even though this was a while ago, people are still talking about it today. 

PAM is capable of managing and monitoring the activities of privileged users like superusers and database administrators, whether they intentionally misuse their privileges or are being manipulated by cybercriminals from within the organization.  

NetIQ’s PAM system will help facilitate administrative access across your organization’s environment and include: 

  • Credential Management - Discover, store, and manage privileged credentials for users, applications, and databases from a single console. 
  • Session Monitoring - Implement credential checkout, session recording, and keystroke logging to verify privileged accounts and users.
  • Seamless Integration - Deliver a single pane of glass to manage and monitor privileged access to accounts, applications, data, and systems. 
  • Risk-based Intelligence - Integrate policy-based risk analysis or assessment of privileged credential activity to streamline enforcement and reporting. 

One incredibly important component of PAM is Just In Time (JIT) access which helps reduce the risk of unauthorized access a step further. JIT access allows users what and when they have access to specific resources or applications.  

Equifax could have benefited from JIT access. If they had implemented it, their developers and other privileged users would have only been granted access to the applications and servers temporarily. Their access would have been automatically revoked over time, greatly reducing their overall risk of a security breach. The fewer users you have with privileged access along with the less time they have with it, the better you are off.  

One of PAM’s main objectives is to restrict direct assignment of privileged rights to a user or administrative rights given through group membership. This approach ensures that all users have standard user privileges by default, and any additional privileges are granted only when required. JIT access, on the other hand, enforces the principle of least privilege, allowing privileged users to perform their essential tasks while still limiting their access to the bare minimum necessary.  

Some organizations may use JIT access more than others, depending on their security needs or regulations. For example, in the healthcare industry, medical professionals often require privileged access to electronic health records (EHRs) in order to perform their duties. JIT access provides temporary elevated privileges for the specific staff when they need them, such as accessing a patient's record during a consultation. If not for JIT access, emergency situations that require quick and secure access to patient records could have drastically different outcomes. And I think we can all agree on doing whatever we can to help our healthcare providers so they can provide care during lifesaving situations. 

Both PAM and JIT access play a critical role in ensuring the security, integrity, and confidentiality of data, and are essential components of any effective cybersecurity program. 

To help you understand more about PAM, KuppingerCole wrote this report that shows how NetIQ Privileged Account Manager has many capabilities that are essential for a PAM platform that meets a wide cross-section of recommended business IT use cases. This KuppingerCole report will help organizations make informed purchase decisions when evaluating privileged access management solutions. You can download the Kuppingercole Executive View: Privileged Account Manager here 

NetIQ has made further improvements to its Privileged Account Manager with the latest release of PAM 4.3. Below is a list of enhancements include with this release: 

PAM 4.3 Release Overview: 

  • Delegated Administration 
  • Just In Time Secrets Framework 
  • Support for AWS (Dynamic Secret) 
  • Direct Secret Read Ability 
  • Cert Issuer Resource Type – PKI and SSH 
  • Advance Filters for User Roles and Resource Pool creation 
  • UI Migration of old Console 
  • Submit User for WebRDP 
  • Security Fixes and Improvement 
  • AppSSO improvements 
  • Default PAM landing page changed to New Console 

More About NetIQ 

NetIQ is a global enterprise software company that provides organizations with innovative solutions for identity and access management, security and compliance, and privileged account management. With a focus on delivering world-class products and exceptional customer support, NetIQ helps businesses improve their security posture, streamline IT operations, and reduce costs. 

For more on PAM and other IAM solutions visit our YouTube channel at NetIQ Unplugged. 

Other related blogs: 

Why is Privileged Access Management Important? 

Risk Aware Privileged Management 

How Privileged Account Manager Provides Least Privileged Access and Just-in-Time Access 

Labels:

Identity & Access Mgmt