Definition
Just-in-time (JIT) access is a security principle under which permissions are granted only when they are required to perform a task and expire once the task is done. It helps to minimize the attack surface by reducing the duration of privileged access.
Just-In-Time Access Applications
- Emergency responses: If a critical incident occurs, you can use JIT to give specialists the permissions they need to address the issue.
- Contractor projects: Organizations can give contractors and freelancers temporary access to perform specific tasks. The access is revoked upon completion of the tasks.
- Audits and compliance checks: Auditors are given JIT access to sensitive data so that they view only what they need for their work.
- User role transitions: Employees transitioning from one role or department to another get appropriate access rights to start their new positions.
- Infrastructure management: System administrators are provided JIT permissions to make necessary changes to the system. This minimizes the risk window.
Types of Just-In-Time Access
- Broker and remove access: In this JIT access approach, users are required to justify accessing a system for a defined period.
- Ephemeral Accounts: These are one-time-use accounts created for specific tasks and deleted immediately after use.
- Temporary Elevation: In this approach, users are temporarily granted elevated privileges to access specific privileged accounts or execute privileged commands on a timed basis. The access is revoked once the time is up.
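
The temporary elevation and justification steps described above, sketched as an added example (not code from this page or from any product). The JitBroker class, the one-hour policy cap, and the sample user, privilege and ticket text are all hypothetical.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    grant_id: str
    user: str
    privilege: str
    justification: str
    expires_at: float

class JitBroker:
    """Hypothetical in-memory broker: default deny, every grant is time-boxed."""
    MAX_TTL = 3600  # assumed policy cap on a single grant, in seconds

    def __init__(self, clock):
        self._clock = clock   # injectable clock so expiry can be exercised
        self._grants = {}
        self.audit = []       # (time, event, user, privilege)

    def request(self, user, privilege, justification, ttl):
        # Broker step: no justification or an out-of-policy duration means no grant.
        if not justification.strip():
            raise ValueError("justification required")
        if not 0 < ttl <= self.MAX_TTL:
            raise ValueError("ttl outside policy")
        now = self._clock()
        g = Grant(secrets.token_hex(8), user, privilege, justification, now + ttl)
        self._grants[g.grant_id] = g
        self.audit.append((now, "grant", user, privilege))
        return g

    def is_allowed(self, user, privilege):
        # Revoke expired grants before answering, so access never outlives its window.
        now = self._clock()
        for gid, g in list(self._grants.items()):
            if now >= g.expires_at:
                del self._grants[gid]
                self.audit.append((now, "revoke", g.user, g.privilege))
        return any(g.user == user and g.privilege == privilege
                   for g in self._grants.values())

def demo():
    t = [1000.0]  # constructed clock value
    broker = JitBroker(clock=lambda: t[0])
    broker.request("alice", "db-admin", "constructed ticket: restore replica", ttl=900)
    during = broker.is_allowed("alice", "db-admin")
    t[0] += 900   # the granted window elapses
    after = broker.is_allowed("alice", "db-admin")
    return during, after, [event[1] for event in broker.audit]
```

The audit list records both the grant and the automatic revocation, which is the trail a reviewer would check to confirm no standing privilege remains.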