GRANT PRIVILEGED ACCESS TO SYSTEMS FOR PRE-DETERMINED PERIODS, ONLY AS NEEDED
A least-privilege approach to PAM is best achieved by implementing “Just-in-Time (JIT), Just Enough” controls for privileged access. Centrify Identity-Centric PAM solutions empower organizations with more granular control and accountability based on individual identities, to know which systems an administrative user accessed, for how long, and to leave zero standing privileges when done.
Least-Privilege Based on Just Enough, Just-in-Time (JIT) Access
While some PAM vendors trying to sell Just-in-Time (JIT) privilege — or JIT PAM — as the next great thing in Privileged Access Management, just-in-time has been a core component of Centrify’s approach to least-privilege access for years. Essentially, this approach grants privileged access to administrators for only the minimum amount of time needed to complete the task — no more, no less. If they need more time, we make it easy for them to request it and finish the job. Then the temporary entitlements are removed, with the goal being to leave zero standing privileges.
Centrify goes beyond JIT PAM to also enforce just enough privilege, meaning that we can restrict least privilege so that the user only gets access to the target system they need to work on and nothing else. This keeps them from moving laterally during their session, using broader privilege to access other servers they may not need access to, or have entitlements to. By granting unrestricted access to resources, organizations increase risk associated with both internal and external threats. Least privilege based on the Just Enough, Just-in-Time model reduces that risk significantly.
LET US HELP YOU
Centrify’s approach to Just-in-Time (JIT) PAM is unique in that we also enable just enough access. The reality is that provisioning approaches do not solve the problem, they just make it a temporary problem. Instead, the focus should be on protecting the target asset, versus enabling logins for IT staff.
With Centrify you can:
Enforce Time-Based Role Assignment
Minimize security risk by enabling administrators to systematically request a new role to obtain the rights they need to perform tasks. Access request for privileged roles enables organizations to grant temporary privileges and roles with a flexible, Just-in-Time (JIT) model that accommodates fluctuating business needs.
Reduce Risk with Temporary, Time-Bound Privileged Access
Centrify Privileged Access Service provides a built-in access request and approval workflow engine or integrations with leading IT service management software to protect your existing technology investments.
Utilize Dynamic Access Controls
Centrify lets you configure dynamic privileges so that users can only use privilege for a specified period of time, at specific times, on certain servers or by a range of other criteria.