JUST IN TIME PRIVILEGED ACCESS

Provide the Right Access at the Right Time for the Right Reasons.

WHAT IS JUST IN TIME PRIVILEGED ACCESS?

Privileged accounts are often granted “always on” access, when in reality they are only required for brief periods of time. Securing access “just-in-time” (JIT) or only providing the appropriate levels of access to the right resources for the right amount of time is one capability within a comprehensive Privileged Access Management solution and can remove unneeded privileged rights. The CyberArk Privileged Access Security Solution supports the industry’s broadest menu of options for just-in-time privileged access, regardless of user type, target system or type of environment.

 

JUST IN TIME ACCESS WORKFLOW

Right User. Right Access. Right Resource. Right Time. Right Reason.

BENEFITS

By providing users just-enough access at just the right times, organizations can reduce the attack surface by providing privileged access for no longer than necessary and also reduce operational overhead and management

FOR SECURITY

As part of an overall PAM program JIT removes unnecessary standing access; Only provide access to users when and to what is required; Full monitoring and recording of sessions

FOR OPERATIONS

Reduce the need to manage additional accounts and credentials by placing shared accounts on systems and elevating on demand; Integrate with existing identity and IT management solutions.

FOR END USERS

Gain quick access to the tools needed to perform daily tasks without the need to directly interact with credentials; maintain a variety of workflows and functionality without sacrificing security.

JIT METHODS

There are a variety of ways in which organizations can implement just-in-time privileged access. CyberArk supports the industry’s widest range of methods to apply just-in-time access use cases into any organization’s privileged access management posture. The most prominent methods include:

TEMPORARY ELEVATION

Where a user’s access rights are raised for a predetermined period so they can perform certain privileged functions. Customers can use JIT Elevation and Access with Short-Lived SSH Certificates. They can also choose for alternative use cases with either an agent-based approach; JIT Elevation and Access with Core PAS (or Privilege Cloud) -or- via an agent-less solution; JIT Elevation and Access with EPM.

EPHEMERAL ACCOUNTS

Where single-use privileged accounts are created on-the-fly, and immediately deprovisioned or deleted after use. This is very popular within dynamic cloud environments. Can be done with CyberArk Privileged Session Manager for SSH & AD Bridging capabilities -or- with the AWS STS integration.

BROKER & REMOVE ACCESS

Where shared privileged accounts are provisioned and protected, but access to them is only granted if a user expressly requests access and has this approved by an appropriate authority. Can be done with Dual Control policies within CyberArk Core Privileged Access Security. For third party vendors who require access to critical internal resources for predefined periods of time, CyberArk Alero can be leveraged.

RESOURCES

REQUEST A DEMO

STAY IN TOUCH

STAY IN TOUCH!

Keep up-to-date on security best practices, events and webinars.