Temporary elevated access management (TEAM) is an access methodology that helps organizations elevate privileges for human and non-human users in real time, providing granular access to an application or system so that a necessary task can be performed. Similar to the just-in-time (JIT) access methodology, TEAM helps security professionals provision secure privileged access by minimizing standing access, a best practice recommended by cybersecurity industry analysts.
TEAM means that users are only able to access privileged accounts and resources when they need them. Instead of granting always-on (or standing) access, organizations can use TEAM to mitigate the risk of privileged account abuse by significantly reducing the amount of time a cyberattacker or malicious insider has to gain access to privileged accounts before moving laterally through a system and gaining unauthorized access to sensitive data.
TEAM is a tool that helps enforce the principle of least privilege to ensure human and non-human identities are given the minimum level of privileges necessary to perform their tasks. TEAM also helps ensure that privileged activities are conducted in accordance with an organization’s identity and access management (IAM), IT service management (ITSM) and privileged access management (PAM) policies for its entitlements and workflows. It is essential that any TEAM strategy enables organizations to maintain a full audit trail of privileged activities. This way organizations can easily identify who or what gained access to which systems, what they did at what time and for how long. Some agent-based privileged access management solutions provide organizations with the additional ability to actively monitor sessions and terminate risky privileged sessions in real time.
How to Enable TEAM
The following is a typical workflow for enabling TEAM within your environments. Keep in mind that users start out with zero standing access (i.e., no privileges) by default.
- A human or non-human user requests privileged access to a server, virtual machine or network device.
- The request is verified against a pre-approval policy or is reviewed by an administrator who has the power to grant or deny the request for short-term privileged access. This approval process can be automated to reduce friction for end-users and operations teams.
- After gaining approval, the human or machine user is elevated to the access needed to enter the system and perform their specified task. This access can last for only a few minutes or for a few months, depending on the user’s specific task(s) and the organization’s governance policies.
- After the task is complete, the user logs off and their access is revoked or deleted until it is needed again.
Why Is Temporary Elevated Access Management Important for Your Organization?
Temporary elevated access management helps organizations improve their overall cybersecurity posture by significantly reducing the risk of privileged access abuse and lateral movement by threat actors. It simplifies the administrator experience by removing the need for lengthy review cycles and days of waiting while still preserving current workflows. It also improves compliance and simplifies auditing by minimizing the number of privileged users and sessions and providing full audit trails of all privileged activities.
How to Implement Temporary Elevated Access Management in Your Organization
To enforce temporary elevated access, organizations typically take one or more of the following steps:
- Maintain a standing, privileged shared account with credentials that are centrally managed and regularly rotated.
- Create granular policies that require human and non-human users to provide specific justification for connecting to target systems and applications that house sensitive data, for specific periods of time.
- Record and audit privileged activity across all ephemeral accounts and enable alerting and response to anomalous behavior or activity.
- Enable the temporary elevation of privileges to allow human and non-human users to access specific privileged credentials and accounts or to run privileged commands.
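The four-step workflow above (request, approval, time-boxed elevation, revocation) and the implementation steps just listed (justification, fixed time windows, an audit trail, alerting on out-of-policy activity) as an added, self-contained example, not code from the original page or from any product: a hypothetical in-memory TEAM broker in Python. All names (TeamBroker, Grant, the roles and targets used in comments) are invented for illustration; a real deployment would back the grant store and audit trail with the organization's PAM and ITSM systems.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# approved_by is "policy" for a pre-approved grant, otherwise the reviewing administrator
Grant = namedtuple("Grant", "identity target role expires_at approved_by")

class TeamBroker:
    """Hypothetical TEAM broker: zero standing access, time-boxed grants, append-only audit trail."""
    def __init__(self, preapproved, max_minutes):
        self.preapproved = preapproved  # {(role, target): minutes grantable without human review}
        self.max_minutes = max_minutes  # governance ceiling for any single elevation
        self.pending, self.grants, self.audit = {}, [], []

    def _log(self, now, event, identity, target, detail):
        self.audit.append((now.isoformat(), event, identity, target, detail))

    def request(self, identity, target, role, justification, minutes, now):
        """Steps 1-2: a justified, time-bound request is pre-approved by policy or queued for review."""
        if not justification.strip():
            raise ValueError("a specific justification is required")
        if minutes > self.max_minutes:  # out-of-policy asks are alerted, never silently capped
            self._log(now, "ALERT", identity, target, f"{minutes}m exceeds {self.max_minutes}m ceiling")
            raise ValueError("requested duration exceeds policy")
        self._log(now, "REQUEST", identity, target, f"{role} for {minutes}m: {justification}")
        if self.preapproved.get((role, target), 0) >= minutes:
            return self._grant(identity, target, role, minutes, "policy", now)
        rid = f"req-{len(self.audit)}"  # unique: every request appends at least one audit event
        self.pending[rid] = (identity, target, role, minutes)
        return rid

    def approve(self, rid, approver, now):
        identity, target, role, minutes = self.pending[rid]
        if approver == identity:  # separation of duties: nobody approves their own elevation
            raise PermissionError("requester cannot approve their own elevation")
        del self.pending[rid]
        return self._grant(identity, target, role, minutes, approver, now)

    def _grant(self, identity, target, role, minutes, approver, now):
        # Step 3: elevate for exactly the approved window and record who approved it
        grant = Grant(identity, target, role, now + timedelta(minutes=minutes), approver)
        self.grants.append(grant)
        self._log(now, "ELEVATE", identity, target, f"{role} until {grant.expires_at.isoformat()} by {approver}")
        return grant

    def effective_roles(self, identity, target, now):  # default is no access at all
        return {g.role for g in self.grants
                if g.identity == identity and g.target == target and now < g.expires_at}

    def revoke(self, grant, now, reason="logoff"):
        self.grants.remove(grant)  # step 4: access disappears the moment the task ends
        self._log(now, "REVOKE", grant.identity, grant.target, reason)
```

Because `effective_roles` is computed from unexpired grants at the moment of each check, an identity with no current grant has no privileges, which is the zero-standing-access default the workflow starts from.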
The use of TEAM to enforce the principle of least privilege is an important part of Zero Trust. Zero Trust models demand that organizations verify anything and everything trying to connect to systems before granting access. As many organizations accelerate their digital transformation strategies, they are shifting from traditional perimeter security approaches to the Zero Trust framework to protect their most sensitive information and data.