Ermetic Just-in-Time Access (JIT)
Ermetic offers agentless JIT access as part of its comprehensive Cloud-Native Application Protection Platform for AWS, Azure and GCP environments
Privileged access and elevated permissions expose organizations to vulnerabilities that could be exploited. Traditional PAM solutions work well on premises, where access is mediated by network connections, but in the cloud access is governed by cloud-native entitlements rather than network paths. PAM tools were also originally developed for IT administrators, whereas the cloud is accessed primarily by DevOps teams with different needs and workflows.
As part of a comprehensive, identity-first cloud native application protection platform (CNAPP), Ermetic Just-in-Time (JIT) Access (also known as “temporary elevated access”) enables speedy approval for as-needed access that minimizes your cloud attack surface and prevents long-standing privileges.
JIT Use Cases
- Administrative Operations: Limit permissions required to perform periodic administrative tasks
- Data Access and Management: Limit permissions required to access/modify sensitive data
- Security Operations: Elevate security operations access for cloud investigation scenarios
- Third-Party Access: Limit access of third parties (e.g. contractors, vendors, auditors) to organizational resources
- Engineering Access: Limit access of engineering teams to sensitive environments
Solution Benefits
Ermetic JIT allows cloud administrators and security teams to grant users temporary access to cloud accounts for a predetermined period of time and on an as-needed basis. Implementing self-service JIT access lets you provision privileged access securely and provides the following benefits:
- Minimize exposure to identity compromise by granting access for the exact period of time needed for users to complete the task
- Enable developers to make quick requests, notify approvers and gain temporary access, saving engineering teams time
- Enforce zero trust by reducing long-standing privileges, which minimizes your cloud’s attack surface
- Monitor user activity during elevated sessions and generate reports for all JIT access requests and authorizations
Facilitate Least Privilege with Just-in-Time Access Management
Ermetic’s leading CIEM capabilities provide full, deep multicloud visibility into identities and permissions, enabling organizations to provide users the right access to the right resources at the right time and for the right reasons. The Ermetic self-service JIT portal makes it easy to define who is eligible to access which resources and when, define different types of approval workflows, and easily request and grant access based on business justification, with minimal disruption.
Automate Access Request and Consent Functions
Minimize the risk of attackers exploiting excessive privileges by granting access for the smallest period of time needed for the user to complete the task. Ermetic JIT drives self-service workflows, empowering engineering teams to easily request and gain authorized access to required resources via Slack, Microsoft Teams or CLI.
Minimize the Cloud Attack Surface
Ermetic grants authorized access for a predefined period of time, after which it automatically terminates the access and revokes the temporary permissions. Using Ermetic JIT, you can achieve and maintain zero standing privileges.
Achieve and Maintain Compliance
Maintain an audit trail and investigate access activity with intelligent CSPM, which presents JIT-related activity in a dedicated audit view. Using built-in reports, your teams can communicate with stakeholders on internal compliance, external audits and daily security activities, including user activity during elevated sessions, past requests and the underlying authorization process.
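To make the workflow described above concrete, here is an added example in Python of a minimal JIT access broker. It is not Ermetic's code or API (the brief does not describe their internals); it models the same lifecycle: an eligibility table caps who may request which role and for how long, approval comes from a separate approver set (never the requester), every grant carries an expiry that a sweep turns into automatic revocation, and each step is written to an audit log. The principals, roles, durations and the incident reference are constructed for the example. The AWS IAM policy helper uses the real `aws:CurrentTime` condition key, but its policy shape is illustrative and is an assumption about how a time-boxed entitlement might be expressed.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed eligibility policy (hypothetical principals and roles): who may
# request which role, capped at the longest elevated session that role allows.
ELIGIBILITY = {
    "alice@example.com": {"prod-db-admin": timedelta(hours=1)},
    "bob@example.com": {"sandbox-admin": timedelta(hours=8)},
}
# Roles with an empty approver set are self-service (auto-approved).
APPROVERS = {"prod-db-admin": {"carol@example.com"}, "sandbox-admin": set()}


@dataclass
class Request:
    requester: str
    role: str
    justification: str
    duration: timedelta
    status: str = "pending"      # pending -> approved -> expired
    approver: str = None
    expires_at: datetime = None


class JitBroker:
    def __init__(self):
        self.requests = {}
        self.audit = []          # every request, grant and revocation

    def _log(self, now, event, **fields):
        self.audit.append({"ts": now.isoformat(), "event": event, **fields})

    def submit(self, now, requester, role, justification, duration):
        cap = ELIGIBILITY.get(requester, {}).get(role)
        if cap is None:
            self._log(now, "denied", requester=requester, role=role, reason="not eligible")
            raise PermissionError(f"{requester} is not eligible for {role}")
        if not justification.strip():
            raise ValueError("business justification is required")
        rid = f"req-{len(self.requests) + 1}"
        # The granted window is the requested one, capped by the eligibility rule.
        self.requests[rid] = Request(requester, role, justification, min(duration, cap))
        self._log(now, "requested", id=rid, requester=requester, role=role,
                  justification=justification)
        if not APPROVERS.get(role):
            self._grant(now, rid, "auto")
        return rid

    def approve(self, now, rid, approver):
        req = self.requests[rid]
        if approver == req.requester or approver not in APPROVERS.get(req.role, set()):
            self._log(now, "approval_rejected", id=rid, approver=approver)
            raise PermissionError(f"{approver} may not approve {rid}")
        self._grant(now, rid, approver)

    def _grant(self, now, rid, approver):
        req = self.requests[rid]
        req.status, req.approver, req.expires_at = "approved", approver, now + req.duration
        self._log(now, "granted", id=rid, approver=approver, expires_at=req.expires_at.isoformat())

    def sweep(self, now):
        """Automatic revocation: close every grant whose window has ended."""
        for rid, req in self.requests.items():
            if req.status == "approved" and req.expires_at <= now:
                req.status = "expired"
                self._log(now, "revoked", id=rid, reason="expired")

    def has_access(self, now, requester, role):
        """True only inside an approved, unexpired window: no standing privilege."""
        self.sweep(now)
        return any(r.requester == requester and r.role == role and r.status == "approved"
                   for r in self.requests.values())


def time_boxed_policy(actions, resource, expires_at):
    """Illustrative AWS IAM policy that allows nothing after expires_at (via the
    real aws:CurrentTime condition key), so the entitlement carries its own
    deadline even if the broker's revocation runs late."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": actions, "Resource": resource,
        "Condition": {"DateLessThan": {
            "aws:CurrentTime": expires_at.strftime("%Y-%m-%dT%H:%M:%SZ")}}}]})


def demo():
    """Walk one constructed request through its lifecycle; return what is observable."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    b = JitBroker()
    rid = b.submit(t0, "alice@example.com", "prod-db-admin",
                   "INC-4711: restore dropped table", timedelta(hours=4))
    before = b.has_access(t0, "alice@example.com", "prod-db-admin")
    b.approve(t0 + timedelta(minutes=5), rid, "carol@example.com")
    during = b.has_access(t0 + timedelta(minutes=30), "alice@example.com", "prod-db-admin")
    after = b.has_access(t0 + timedelta(hours=2), "alice@example.com", "prod-db-admin")
    policy = json.loads(time_boxed_policy(["rds:*"], "*", b.requests[rid].expires_at))
    return {
        "before": before, "during": during, "after": after,
        "expires_at": b.requests[rid].expires_at.isoformat(),   # capped at 1h, not the 4h asked
        "events": [e["event"] for e in b.audit],
        "deadline": policy["Statement"][0]["Condition"]["DateLessThan"]["aws:CurrentTime"],
    }
```

Two design points are worth noting. First, `has_access` always runs the expiry sweep before answering, so a missed background job cannot leave a stale grant usable. Second, the deadline is also embedded in the entitlement itself through the `aws:CurrentTime` condition, which is the cloud-native way to make a permission self-expiring independently of the broker that issued it.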
Full Cloud-Native Security without Agents
Ermetic offers agentless JIT access as part of its comprehensive Cloud-Native Application Protection Platform (CNAPP) for AWS, Azure and GCP environments. The platform automates security and compliance from development to runtime.