Just-In-Time Access: Boon or Bane?

Ensuring the right access for the right users to the right resources is always business-critical. While organizations have evolved in making better use of technology, cybercrime evolves too. Ever-increasing threats demand continuous upgrades and new types of controls to improve cybersecurity posture.

Most organizations still follow a “standing privileges” approach. In the case of critical systems and applications, permanent access is granted to premium users while normal users are kept out completely. This is like locking the windows to stop thieves, while keeping the doors wide open!

“Zero standing privileges” and “Just-In-Time” are good alternatives. In this approach, access is granted only for the required resource at the exact time of need. The access is automatically revoked when certain conditions are met – the simplest being the completion of the resource allocation time.
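The grant-and-revoke cycle described above can be sketched in a few lines. This is an added example, not code from the original post: the `JitAccessBroker` class, its `max_ttl` policy ceiling, the audit log and the user and resource names are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    expires_at: float  # epoch seconds at which the allocation ends

class JitAccessBroker:
    """Zero standing privileges: no access exists until a grant is issued."""

    def __init__(self, max_ttl=3600, clock=time.time):
        self.max_ttl = max_ttl   # assumed policy ceiling on any allocation
        self.clock = clock       # injectable so expiry can be exercised
        self._grants = {}        # (user, resource) -> Grant
        self.audit = []          # (timestamp, event, user, resource)

    def _log(self, event, user, resource):
        self.audit.append((self.clock(), event, user, resource))

    def request(self, user, resource, ttl):
        # Access is scoped to one resource and one bounded time window.
        if ttl <= 0 or ttl > self.max_ttl:
            self._log("denied", user, resource)
            raise ValueError("requested duration outside policy")
        grant = Grant(user, resource, self.clock() + ttl)
        self._grants[(user, resource)] = grant
        self._log("granted", user, resource)
        return grant

    def revoke(self, user, resource, reason="revoked"):
        # Early revocation for conditions other than time running out.
        if self._grants.pop((user, resource), None) is not None:
            self._log(reason, user, resource)
            return True
        return False

    def is_allowed(self, user, resource):
        grant = self._grants.get((user, resource))
        if grant is None:
            return False                      # default deny
        if self.clock() >= grant.expires_at:  # simplest revocation condition
            self.revoke(user, resource, reason="expired")
            return False
        return True

if __name__ == "__main__":
    broker = JitAccessBroker(max_ttl=900)
    broker.request("alice", "db-prod", ttl=600)   # constructed sample names
    print(broker.is_allowed("alice", "db-prod"), broker.is_allowed("alice", "db-staging"))
```

Expiry is enforced at check time, so a lapsed grant is refused even if no background cleanup job has run, and every grant, denial and revocation lands in the audit list.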

JIT is not new. It has been a very successful practice in manufacturing for eons and we will do well to borrow the niceties of JIT to strengthen access management provisions. But JIT comes with its own complexities. Will it cause user fatigue due to placing repeated requests? Will the approvals be automatic or manual? If automatic, to what extent? Should AI be used to improve the accuracy and frequency of approvals? What happens in an emergency when timely approval does not happen?

Balancing security and user experience seems complex, but that is the need of the hour!

~ Paul
