
https://www.gartner.com/doc/reprints?id=1-1XQL30U3&ct=191106&st=sb

Remove Standing Privileges Through a Just-in-Time PAM Approach
Published 6 September 2019 - ID G00389807 - 25 min read

The existence of privileged access carries significant risk, and even with PAM tools in place, the residual risk of users with standing privileges remains high. Security and risk management leaders engaged in IAM must implement a zero standing privileges strategy through a just-in-time model.

Overview
Key Challenges
- Many security and risk management leaders have “business as usual” PAM practices that violate the principle of least privilege by granting undifferentiated privileged access to users on a permanent basis.
- PAM approaches using vaulting and session recording (basic PAM) have been prioritized in many organizations. But their focus is on visibility and control of existing privileged accounts and activities, which leaves privilege elevation and delegation approaches immature to nonexistent.
- Many privileged accounts for interactive use are “fully armed” with an unnecessarily high level of standing privileges, violating the principle of least privilege and leaving a risk surface.
- Organizations struggle to introduce changes to privileged access operational models because administrators and IT operations staff are used to having personal privileged accounts they can use at their discretion.
Recommendations
To properly mitigate the risk of standing privileged access, security and risk
management (SRM) leaders responsible for IAM should closely follow the vision of the
principle of least privilege and:

- Drastically reduce, with a goal toward eliminating, standing (i.e., “always on”) privileged access by using just-in-time (JIT) approaches. This will ensure that privileges are only granted when a valid reason for them exists, with zero standing privileges (ZSP) as the goal.
- Investigate the different approaches for JIT privileged access, and choose the combination that best balances the expected effort to change organizational practices against the security, risk and operational outcomes.
- Map required and desired JIT capabilities against product offerings to choose the right PAM tools (or augment existing tools with additional solutions). Keep in mind that some capabilities are not generally available in most PAM tools but may be roadmapped by vendors.

Strategic Planning Assumption
By 2022, 40% of privileged access activity will leverage ZSP through JIT privilege elevation, effectively eliminating standing privileges, up from just 10% today.

Introduction
Proper management of privileged access requires following the principle of least
privilege. This principle states, broadly speaking, that someone or something should
have exactly the minimum rights required to carry out a specific task. However, many
organizations start from a point where certain users have access to highly privileged
accounts and, in many cases, personal privileged accounts, which provides them
privileged access whenever they want and with little limitation. This violates the principle
of least privilege in multiple ways:

- Rather than limiting the time when privileged access is granted (“at the right time”), access is granted to users on a standing basis (“always on/always available”).
- Rather than limiting access to the minimum required for a particular task, privileged accounts often have broad administrative privileges (i.e., superuser or equivalent). This is done to cover all possible administrative tasks that may be required of the privileged users within the near or medium future.
- Rather than granting access to the specific system or application in scope for a particular administrative task, privileged accounts are often granted on multiple systems at the same time, by using central authentication and directory services, allowing access that is not required.
Without a structured plan to instill proper secure practices and processes, in
combination with the deployment of appropriate PAM tools, users will routinely receive
more privileges than required for administrative tasks. These excessive privileges
introduce significant risk. The net effect will be that PAM initiatives will have limited
effectiveness, while a considerable attack surface remains. How should SRM leaders
plan a successful PAM initiative that follows the principle of least privilege as closely as
possible?
The answer lies in drastically reducing, with a goal toward eliminating, standing (i.e.,
“always on”) discretionary access to privileges by using just-in-time (JIT) approaches for
privileged access.


Analysis
In the 2019 Verizon Data Breach Investigations Report, three of the top four attack actions represented failures in IAM practices: stolen credentials, phishing and privilege abuse.1 The volume of news about breaches of confidential data comes at a pace that leaves consumers numb, and creates the illusion that, given the failure of so many to protect confidential information, the principle of least privilege is an unattainable goal.
In the area of privileged access management (PAM), tools exist today to dramatically
reduce that attack surface. Yet, many organizations are not using PAM tools and
approaches. Or, the organizations that have created a PAM practice have stopped at
“basic PAM” (vaulting and session management). But an effective PAM practice
embraces the entire concept of least privilege, granting only the right privileges to only
the right system and to only the right person for only the right reason at only the right
time.
PAM vendors are maturing in placing tools in the hands of leaders that help them
implement the fundamentals of least privilege. PAM practices in the market have found
some success in only allowing the right person the right access to the right resource;
however, achieving this at only the right time is where many have fallen short of the
mark for least privilege.
Zero standing privileges (ZSP) is the purest form of JIT, which addresses the final
guidance of the principle of least privilege “at only the right time,” by eliminating the risk
of standing privileges. Standing privileges can take multiple forms: accounts with
continuous privileges in the form of privileged group memberships or static rules that
allow the execution of privileged commands. One very common example of a practice
that violates the principle of least privilege is personal privileged accounts. These are
accounts that are routinely issued to administrators in many organizations. These
accounts typically hold excessive privileges to a broad number of systems and are
available for use any time. When personal privileged accounts exist in an environment,
even when controlled by a PAM tool, the account and, therefore, the privileges exist,
leaving the risk of standing privileges in the environment.
Standing privileges present a risk surface by their nature of being “fully armed and
always available,” even when under the management of a PAM tool. ZSP “disarms”
privileged accounts until the time when those privileges are really required. The
fundamental purpose of a JIT/ZSP approach is to reduce the attack surface for
privileged access abuse. Basic PAM (vaulting and session management) will
help mitigate the risk of the existence of privileged accounts. JIT reduces the risk of
privileged access abuse, and ZSP reduces the attack surface of the privileged accounts
themselves.
The fundamental approach to PAM has not changed; a mature PAM practice must still
capture all privileged risk for an organization. It remains paramount that organizations
implement a strategy and practice that successfully address the four pillars of PAM
(see “Best Practices for Privileged Access Management Through the Four Pillars of
PAM”).

Briefly, the four pillars of PAM represent the fundamental approaches for mitigating risk
represented by privileged access within the modern enterprise: track and secure,
govern and control, record and audit, and operationalize. All pillars apply to ZSP and
JIT, but the first two pillars are particularly relevant to understanding why ZSP and JIT
must be prioritized in your PAM practice:

- Pillar No. 1, track and secure, ensures all privileged accounts are tracked in terms of their life cycle. It includes discovery of all privileged access and is foundational for a successful PAM practice. Divide access into two categories: people-based (interactive) and software-based. Inventory and vault all accounts that provide elevated access, and inventory and group use cases according to common patterns.
- Pillar No. 2, govern and control, eliminates excessive privileges and plans and governs privileged access according to the privileged use patterns and use cases. This is where JIT is critical, and a ZSP approach becomes a powerful method for eliminating excessive privileges.
JIT is necessary to reach the minimum level of maturity in pillar No. 2, meaning
that after discovery and vaulting of all privileged access accounts is in place, the PAM
practice must be expanded to remove standing access to privileged accounts through
JIT approaches.
After basic JIT steps, ZSP is the next natural step for privileged access maturity. It
“disarms” privileged accounts when not in use, until the time when those privileges are
really required. ZSP is attained by refining and complementing existing JIT concepts.

Remove Standing Privileges Through a Just-in-Time Approach
The first goal of a JIT PAM approach is better IT security by removing standing privileges, which reduces the attack surface for privilege abuse. As pillar No. 1 explains, the first step of a PAM practice is discovering and vaulting privileged accounts. However, even with all accounts identified and vaulted, the accounts still tend to have static privileges attached to them (i.e., they are fully armed). A first step toward mitigating this is to create operational accounts with limited privileges, for example a “tomcatadm” account whose sole purpose is to administer the Tomcat application server. The continuing maturity of a PAM program should then include the elimination of personal, highly privileged accounts, as well as any other privileged account that grants wide-reaching and “always on” access, migrating these use cases to JIT/ZSP approaches.
Task-specific operational accounts are an acceptable next step in maturity, and significantly less risky than granting and using personal highly privileged accounts, but they are still not the endgame in terms of an ideal situation because:

- More accounts need to be created, each of them for a particular purpose.
- These accounts must be limited (i.e., “rightsizing” of privileges for a specific task).
- It is more expedient and manageable to create fewer accounts with more privileges than the other way around, so there is a trade-off between manageability and security (more privileges equal more risk).
Some newer JIT technologies covered in this research have the potential for mitigating
some of these issues.
Figure 1 provides a use case example comparing basic PAM approaches to JIT/ZSP.
Figure 1. A Use Case Example Comparing Basic PAM Approaches to JIT/ZSP
In Figure 1, we compare the use cases against the activities of an employee, Joe. Joe is
an administrator for Windows systems. For the day that we outlined in the figure, these
events occurred:

- 8:00 a.m. — Joe came to work and began responding to email.
- 9:00 a.m. — He checked out an admin account and connected to his production task scheduler server to check that an overnight process ran as expected. This work took about 10 minutes. Joe then went to check on a co-worker, helping them with a difficult script.
- 10:00 a.m. — Joe attended the production meeting for servers.
- 11:00 a.m. — He grabbed an early lunch.
- 12:30 to 1:30 p.m. — Joe checked out an admin account from the PAM tool and installed, configured and worked to troubleshoot a new software application on the company’s development SQL servers. When complete, he checked the password back in.
- 1:30 p.m. — Joe worked on email and some training.
- 4:00 p.m. — He checked to ensure that overnight processes were queued up and ready to run. Then Joe read a manual about Java scripting, worked to edit a script he had been working on, and saved it for testing tomorrow.
- 4:45 p.m. — Joe walked out the door to meet his family for dinner.
For JIT/ZSP, Joe did all the work referenced in the previous example; however, at no time did he check out a privileged account, nor does one even exist for him to do so. His access was granted on demand (or even automatically for approved tasks), individually approved, limited in scope, and removed when no longer necessary. As shown by Figure 1, the risk of compromise presented by the existence of a privileged account available to a bad actor was dramatically reduced: instead of an account that is armed around the clock, privileges existed only for the roughly 10 minutes at 9:00 a.m. and the hour after 12:30 p.m.

In a JIT/ZSP model, no privileged account exists for people to use; privileged access is only temporary, assigned, or created and removed on demand.

The Foundational Elements of JIT/ZSP PAM
SRM leaders with responsibility for PAM must familiarize themselves with the different
methods and choose tools that support the ideal combination. They must analyze PAM
use cases to identify which ones have the potential for being addressed with JIT. Most
companies will find that a hybrid approach of vaulting, session management and JIT is
the best approach for them.
There are a number of JIT approaches available today in the market, and new
technologies and approaches have been surfacing with each having unique elements.
Gartner identifies three requisite foundational capabilities for a modern JIT approach:

- A set of processes and workflows (defined by PAM policy) that manage both privileged access requests and fulfillments for an environment (including employees, consultants, vendors and, potentially, software).
  - For a JIT approach to be successful, some elements of adaptive access, or predefined approval policies, should be applied to help reduce complexity and friction. For example, using risk scoring, or predefined approvals, to automatically approve access for a defined task in a defined time window for a defined user access request.
- A mechanism to allow privileged task execution for a normal (nonprivileged) user ID for a defined amount of time on a defined resource, or set of resources, for a defined set of tasks. Or, the ability must exist to create one-time (ephemeral) privileged access that has these same restrictions.
- An ability to record and monitor all activities completed with the temporarily elevated access during the time of privileged access.

Investigate Different JIT Approaches to Reduce or Remove Standing Privileges
Using JIT helps get organizations closer to the goal of implementing the principle of
least privilege through eliminating or reducing standing privileges for people. Only the
right access for only the right person to only the right system is granted for only the time
needed. This could be achieved by:

- Implementing an approved change request
- Responding to an outage or troubleshooting
- Fulfilling a service desk task to support a user
- Regular maintenance
There are multiple approaches to implementing JIT for privileged access (see Table 1).
These approaches can be complementary, and most SRM leaders will choose to use at
least two or three of these approaches in combination.

Table 1: Description of JIT Methods for Achieving ZSP

Columns: JIT Approach | Description | Meets Principle of Least Privilege | Meets Zero Standing Privileges Approach

1. Personal Privileged Accounts Under the Control of a PAM Tool
   Description: Users retain a personal privileged account, but its password is vaulted, and access is controlled by a PAM tool.
   Meets principle of least privilege: No. On its own, this pattern violates the principle of least privilege, since these accounts universally provide excessive privileges.
   Meets ZSP: No. When personal accounts exist in an environment, even when controlled by the PAM tool, the account leaves standing privileges in the environment. Personal privileged accounts should be eliminated in favor of nonprivileged accounts with privilege elevation, JIT access or shared accounts.

2. Shared Accounts Under the Control of a Vaulting and Session Management Tool
   Description: Shared accounts that grant privileged access are vaulted and controlled by a PAM tool but can be made available on request for legitimate reasons.
   Meets principle of least privilege: This pattern requires additional controls like session management to ensure that usage is accounted to an individual user’s request, and approval mechanisms for access to shared accounts. Shared accounts should be limited in terms of who, what, where, when and why, but this approach can comply with the principle of least privilege.
   Meets ZSP: No. Standing privileges from shared privileged accounts (especially highly privileged accounts such as domain admin) are still considered standing privileges, even if they are under control of a PAM tool. It is possible that these accounts can be disabled and vaulted to eliminate standing privileges, but it may not be practical to disable all shared accounts.

3. Privilege Elevation (PEDM, Sudoers)
   Description: A normal, nonprivileged account is granted privileged access by a static elevation policy, meaning that elevation is always available for a defined set of tasks.
   Meets principle of least privilege: No. This pattern does not meet the principle of least privilege. Even if sufficient policy exists to refine access to only what is necessary, and sufficient visibility in terms of recording is available, access to the account is always available.
   Meets ZSP: No. This does not meet the standard for ZSP since, even though the account is only used when required, the privileges granted through policy are always there and available.

4. ZSP Privilege Elevation
   Description: A normal, nonprivileged account is temporarily granted “one-time” privileged access for a defined set of tasks, for a defined period of time.
   Meets principle of least privilege: Yes. This pattern does meet the principle of least privilege if sufficient policy exists to refine access to only what is necessary and sufficient visibility in terms of recording is available.
   Meets ZSP: Yes. This meets the standard for ZSP because no privileges exist prior to the grant of access or after the grant of access has expired.

5. JIT Group Membership
   Description: A normal, nonprivileged account is temporarily added to a group, which grants privileged access (such as local administrator). The group membership is controlled by a tool, and users receive or lose privileged access by virtue of the tool adding and removing them from that group.
   Meets principle of least privilege: Yes. This pattern does meet the principle of least privilege as long as granular access is defined. For example, if local administrator is the only group defined, excessive privilege is likely for users being added to the JIT group.
   Meets ZSP: Yes. This meets the standard for ZSP because the group membership is temporary. The user only has the privileged access associated with the group during the time of need, and it is removed afterward.

6. JIT Account Creation and Removal
   Description: Automatic creation of a privileged account for a period of time, for a specific task. The account is deleted when the assigned task is complete.
   Meets principle of least privilege: Yes. This pattern does meet the principle of least privilege as long as the granted privileges are sufficiently granular in nature.
   Meets ZSP: Yes. This meets the standard for ZSP because the account only exists for the period of time necessary for the privileged task to be accomplished.

7. JIT Enabled/Disabled Administrative Accounts
   Description: Administrative shared accounts that exist in the network or on devices can be enabled and disabled by JIT approaches to provide JIT access.
   Meets principle of least privilege: No. This pattern does not meet the principle of least privilege, as by nature these accounts represent high levels of privilege. Using this method for JIT will typically grant excessive access. Limiting access to only critical personal privileged accounts is the way most organizations manage this risk.
   Meets ZSP: Yes, under certain conditions. This does represent a flavor of ZSP, and the account, while disabled, cannot provide access; however, that account still exists fully armed, so it must be managed by a PAM tool.

8. JIT Security Tokens
   Description: An ephemeral, one-time access (many times a mechanism like a certificate) account is created for a specific task, device and person.
   Meets principle of least privilege: Yes. This pattern does meet the principle of least privilege as long as the account created is provided granular access, only the required access for the required task on the required system.
   Meets ZSP: Yes. This meets the standard for ZSP since the account will only exist on a one-time basis, leaving no standing access after the task has been completed.

9. Built-In High-Level Administration Accounts
   Description: A handful of admin accounts cannot be deleted or disabled, but represent excessive privileges (accounts like root, enterprise and domain admin, SA).
   Meets principle of least privilege: Yes. These accounts can meet the principle of least privilege as long as they are managed by a PAM tool and as long as effective policies for access and use exist. In general, these accounts should not be made available for access except for extreme circumstances.
   Meets ZSP: No. These accounts cannot function in any ZSP model; they must be considered exceptions. However, the list of accounts that function at this level is small, and they are manageable through a PAM tool, with defined processes for use, and monitored by a SIEM tool.

Source: Gartner
Map Required and Desired JIT Capabilities Against
Product Offerings to Choose the Right PAM Tools
After you have implemented a privilege discovery process, inventory and group use
cases for privileged access according to the model shown in Figure 2. Weigh each use
case against the five W’s model to define access in terms of:

- Who is requiring it?
- How often?
- When do they require it (and for how long)?
- How deep (what level) do they require access?
- How broad (where) do they require access?
- What is their justification for privileged access (why)?
Identify use cases that require infrequent access to subsegments of the environment
according to Figure 2. In general, start with the less complex use cases, for example,
small numbers of users for infrequent access to a small number of targets (the use
cases highlighted in red and orange in Figure 2). Then use the knowledge and
momentum gained through this process to move on to more complex use cases like
frequent and widespread access.
Figure 2. The Five W’s of Privileged Access
JIT and ZSP Technology Approaches in the Market
The capabilities for providing ZSP through JIT approaches are still maturing, but there
are several examples of just-in-time technologies existing or emerging in the market.
This does not represent an exhaustive list:

- Privilege elevation and delegation management (PEDM):
  - PAM vendors like ARCON, BeyondTrust, Broadcom (CA Technologies), Centrify, CyberArk, Micro Focus, One Identity and Thycotic provide agent-based PEDM for JIT access. Clients must install an agent on a target, and that agent has the ability to allow a normal account to execute and elevate specific privileged commands according to policy.
  - On most UNIX/Linux systems, privileged access is provided through the “sudo” command, which implements a policy-based elevation approach. Users log into the UNIX system with their normal account. A “sudoers” file defines the sudo policy: who can use sudo, on which hosts, and what commands are available to that user. When they want to perform an administrative task, they prefix it with the sudo command, for example “sudo /etc/init.d/apache restart” to restart the Apache web server. If they are allowed by policy to execute this command, their normal account is granted temporary privileges, allowing them to execute the command. Because the sudoers policy is static, however, the elevation is always available to that user; sudo limits when privileges are exercised, but, as Table 1 notes, on its own it does not remove standing privileges.
- JIT group membership:
  - Microsoft has a JIT approach to privileged access in Azure AD (Privileged Identity Management). Clients can define administrative access (tasks, targets) in the tenant and a framework of access approvers. When someone needs elevated access to perform administrative tasks, they request access through the framework, and an approver (someone who has the appropriate decision rights to determine the necessity of access) receives the request and approves or denies the access for a defined period of time. Access is granted to the requestor’s normal account, meaning they are granted elevated access to perform administrative tasks. The elevation happens by adding the account to specific privileged security groups. Once the task is complete (or the time limit for access has expired), the requester’s account will return to normal access (by removing the account from the privileged security groups), and the requester will no longer have, or be able to acquire, administrative access on their own.
  - Several vendors such as BeyondTrust and Hitachi ID Systems can add users to a security group temporarily, during the lifetime of a session, as part of a vaulting and session management approach. This approach works very well in combination with other controls, such as privilege elevation or UNIX/Linux “sudo.”
  - A vendor called Remediant can discover and visualize administrative privileges by reading and mapping the local configuration that exists on systems, for example account and group files such as /etc/passwd on Linux servers and the local Administrators group on Windows. As a next step, Remediant can take control and remove all users from administrative groups, removing all administrative access. From there, administrative users can request access to do administrative tasks on certain servers or devices, much like the Microsoft model. To gain access on a time-limited basis, Remediant adds the normal account of that user into the appropriate local group, elevating administrative access for that one user on that one device. Once the task is complete, the user’s account is removed from the group, removing standing privilege.
- JIT security tokens:
  - Broadcom (CA Technologies) can generate JIT security tokens for access to privileged AWS resources. This approach can be used for administrative access to AWS configuration consoles, but it is particularly useful for automation to grant a well-defined set of privileges to scripts.
  - Another vendor, SSH.COM, is introducing an approach to JIT access with its “lean” PAM approach. This approach uses “ephemeral” access, granting one-time, short-lived certificates for elevating user access.
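The sudo discussion above makes a point worth checking on real systems: every rule in sudoers is standing privilege, and a rule that looks narrow (one command, one runas user) can still be root in all but name. The following is an added example, not code from the Gartner note or from any vendor: a small auditor that parses the common sudoers rule shapes (user or %group, host list, optional runas, NOPASSWD/PASSWD tags, command lists, User_Alias and Cmnd_Alias), lists who holds which always-on privilege, and flags rules that grant unrestricted root, a shell or su, or a wildcard command. The sudoers file it runs over is constructed; the users, hosts and aliases in it are illustrative.

```python
# Added example, not from the Gartner note or any vendor: an auditor for sudoers
# user specifications. Because sudoers is a static elevation policy, every rule
# in it is standing privilege; this lists who holds which, and flags rules that
# amount to a permanent root shell. It handles the common shapes only (user or
# %group, host list without spaces, optional runas, NOPASSWD/PASSWD tags, command
# list, User_Alias and Cmnd_Alias). The sample file below is constructed.
import re
from collections import namedtuple

Spec = namedtuple("Spec", "users host runas commands")   # commands: [(cmd, nopasswd)]
RUNAS = re.compile(r"\((.*?)\)\s*(.*)")
TAG = re.compile(r"(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV)\s*:\s*(.*)")
ROOT_LIKE = {"ALL", "root"}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "su"}


def expand(name, table):
    """Resolve a (possibly nested) alias name to its leaf members."""
    if name not in table:
        return [name]
    return [leaf for member in table[name] for leaf in expand(member, table)]


def parse_sudoers(text):
    aliases = {"User_Alias": {}, "Cmnd_Alias": {}, "Host_Alias": {}, "Runas_Alias": {}}
    specs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line or line.startswith("Defaults"):
            continue
        kind = line.split()[0]
        if kind in aliases:                          # e.g. Cmnd_Alias WEBCTL = a, b
            name, members = line[len(kind):].split("=", 1)
            aliases[kind][name.strip()] = [m.strip() for m in members.split(",")]
            continue
        lhs, rhs = line.split("=", 1)                # "who host = (runas) TAG: cmd, cmd"
        who, host = lhs.split()
        runas, rhs = "root", rhs.strip()
        if (m := RUNAS.match(rhs)):
            runas, rhs = m.group(1), m.group(2)
        commands, nopasswd = [], False
        for item in rhs.split(","):
            item = item.strip()
            while (m := TAG.match(item)):            # tags carry forward along the list
                tag, item = m.group(1), m.group(2).strip()
                if tag in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag == "NOPASSWD"
            commands += [(c, nopasswd) for c in expand(item, aliases["Cmnd_Alias"])]
        specs.append(Spec(expand(who, aliases["User_Alias"]), host.strip(), runas, commands))
    return specs


def standing_privileges(text):
    """user -> sorted [(host, runas, command)]: everything here is 'always on'."""
    out = {}
    for s in parse_sudoers(text):
        for user in s.users:
            out.setdefault(user, []).extend((s.host, s.runas, cmd) for cmd, _ in s.commands)
    return {u: sorted(v) for u, v in out.items()}


def audit(text):
    """Flag rules that are root in all but name; returns [(user, host, cmd, issues)]."""
    findings = []
    for s in parse_sudoers(text):
        runas_user = s.runas.split(":")[0]
        for user in s.users:
            for cmd, nopasswd in s.commands:
                issues = []
                if cmd == "ALL" and runas_user in ROOT_LIKE:
                    issues.append("unrestricted root (ALL)")
                if "*" in cmd:
                    issues.append("wildcard command (also argument injection risk)")
                if cmd.split()[0].rsplit("/", 1)[-1] in SHELLS:
                    issues.append("shell or su: equivalent to root")
                if nopasswd and issues:
                    issues.append("NOPASSWD on an overbroad rule")
                if issues:
                    findings.append((user, s.host, cmd, issues))
    return findings


# Constructed sample: "fully armed" grants beside one rightsized rule.
SAMPLE_SUDOERS = """
User_Alias  WEBOPS = joe, ann
Cmnd_Alias  WEBCTL = /usr/sbin/service apache2 restart, /usr/sbin/service apache2 reload
Defaults    env_reset
root        ALL=(ALL:ALL) ALL
%wheel      ALL=(ALL) NOPASSWD: ALL                   # standing root for a whole group
dave        ALL=(root) /bin/bash                      # "one command", but it is a root shell
carol       ALL=(root) /usr/bin/systemctl restart *   # wildcard: any unit, any extra arguments
WEBOPS      web01,web02=(root) NOPASSWD: WEBCTL       # two commands, two hosts: rightsized
"""

if __name__ == "__main__":
    for user, host, cmd, issues in audit(SAMPLE_SUDOERS):
        print(f"{user:8} {host:12} {cmd:40} {'; '.join(issues)}")
```

Run against the sample, the auditor flags root, %wheel, dave and carol and leaves the WEBOPS rule alone: two fixed commands on two named hosts is what "rightsizing" looks like in sudoers, and NOPASSWD is only reported when it sits on an overbroad rule. `standing_privileges` is the list a ZSP program would aim to shrink, since each entry is available to its user at any time regardless of whether a task is in progress.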
JIT approaches hold promise to reduce some of the complexity of PAM through
automation and policy-based approaches. Approval overhead can be reduced by
defining scenarios where administrative access is preapproved and granted
automatically when requested or automatically assigned.
Once initial use cases are successfully leveraging JIT privileged access, map out a
migration path for the remaining vaulting and session management PAM use cases with
a goal of migrating everything except the most difficult use cases to your JIT strategy.
For smaller companies, a JIT approach may be deemed “good enough” for managing privileged access, but for most, adopting a ZSP approach through JIT represents the next step of maturity for PAM. The more dynamic approach of JIT holds promise for reducing both complexity and cost for PAM projects, while at the same time reducing security risk. This means that in some scenarios adding JIT can actually shrink adoption timelines and, potentially, reduce user “friction” for adopting PAM by reducing the effort of interacting with the PAM tool to accomplish administrative tasks. Finally, as companies migrate most of their computing to cloud platforms, a more dynamic approach for managing elevated access is needed.

What Are the Risks for JIT Approaches?
There are no bullet-proof methodologies for PAM implementations. Even JIT/ZSP
approaches present security or operational risks that must be mitigated:

- A hacker could compromise the identity of someone who “could” be granted administrative access for a short time.
  - All PAM tool implementations, privileged account and session management (PASM) or privilege elevation and delegation management (PEDM), including JIT and ZSP, must include MFA, which can mitigate this risk (see “Transform User Authentication With a CARTA Approach to Identity Corroboration” for various approaches).
- Someone who has been granted elevated access for a short period of time “could” use their elevated access to provide themselves standing access to systems after the elevated access expires.
  - First, limit each grant to only the necessary access. For example, granting access to install software on a server need not include the ability to modify security settings or broad privileges such as modifying the local admin group. As with all PAM best practices, all PAM activity must be recorded. Proper continuous discovery processes are always required, as are frequent and regular reviews of access. Lastly, any privileged access that bypasses the PAM tool (such as logging into a privileged account without the control of PAM tools) should raise a red alert.
- Depending on the technology chosen, taking a JIT approach to PAM could be more complex and more expensive than basic PAM approaches.
  - Take a long-term approach to ZSP/JIT. Start with the “low-hanging fruit” use cases and map out a migration path for the remaining use cases. It is likely that most organizations will use a hybrid approach, using vaulting and session management (basic PAM) for many use cases and adding JIT for use cases that lend themselves well to that approach or are higher risk use cases. In addition, some newer approaches to JIT PAM (outlined in the JIT and ZSP Technology Approaches in the Market section above), like managing temporary privileges through groups or granting one-time access, hold promise to reduce both complexity and cost, at least for a portion of the environment.
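The second risk and the "red alert" recommendation above are only actionable if someone reconciles what the hosts report against what the PAM tool approved. The following is an added example, not from the Gartner note or any vendor, of that detection logic run over constructed log lines. It takes the PAM tool's JIT grant records plus two host event types, privileged logons and changes to a privileged local group, and alerts on three conditions: a privileged logon with no active grant for that user and host (privileged access bypassing the PAM tool), a group change made by anyone other than the PAM tool's own service account (a grantee giving someone standing access while elevated), and any member still in the group at the end of the period with no covering grant (standing privilege that has crept back). The service account name pam-svc, the host names and the event format are assumptions.

```python
# Added example, not from the Gartner note: detection logic for the JIT risks
# above, run over constructed log lines. Inputs are the PAM tool's JIT grant
# records and two host event types (privileged logons, privileged-group changes).
# Alerts: (1) privileged logon outside any active grant for that user/host,
# (2) group change by anyone other than the PAM tool's service account,
# (3) a group member left at period end with no covering grant.
# The service account name "pam-svc", host names and event format are assumptions.
import json
from datetime import datetime

PAM_SERVICE_ACCOUNT = "pam-svc"   # assumption: the only principal allowed to edit JIT groups

# Constructed JIT grant records, as the PAM tool would export them.
GRANTS = [
    {"user": "joe", "host": "sched01", "group": "Administrators",
     "start": "2019-09-06T09:00:00", "end": "2019-09-06T09:10:00"},
    {"user": "joe", "host": "devsql01", "group": "Administrators",
     "start": "2019-09-06T12:30:00", "end": "2019-09-06T13:30:00"},
]

# Constructed host events as JSON lines (order is not guaranteed on arrival).
EVENTS = """
{"ts": "2019-09-06T09:01:00", "type": "admin_logon", "host": "sched01", "user": "joe"}
{"ts": "2019-09-06T09:00:00", "type": "group_change", "host": "sched01", "group": "Administrators", "action": "add", "member": "joe", "actor": "pam-svc"}
{"ts": "2019-09-06T09:03:00", "type": "group_change", "host": "sched01", "group": "Administrators", "action": "add", "member": "svc_backup", "actor": "joe"}
{"ts": "2019-09-06T09:10:00", "type": "group_change", "host": "sched01", "group": "Administrators", "action": "remove", "member": "joe", "actor": "pam-svc"}
{"ts": "2019-09-06T12:30:00", "type": "group_change", "host": "devsql01", "group": "Administrators", "action": "add", "member": "joe", "actor": "pam-svc"}
{"ts": "2019-09-06T12:35:00", "type": "admin_logon", "host": "devsql01", "user": "joe"}
{"ts": "2019-09-06T13:30:00", "type": "group_change", "host": "devsql01", "group": "Administrators", "action": "remove", "member": "joe", "actor": "pam-svc"}
{"ts": "2019-09-06T15:00:00", "type": "admin_logon", "host": "devsql01", "user": "joe"}
{"ts": "2019-09-06T16:10:00", "type": "admin_logon", "host": "web01", "user": "dave"}
"""


def ts(s):
    return datetime.fromisoformat(s)


def load_events(text):
    """Parse JSON lines and order them by time, so group state replays correctly."""
    return sorted((json.loads(line) for line in text.splitlines() if line.strip()),
                  key=lambda e: e["ts"])


def covered(grants, user, host, when, group=None):
    """True if a grant for this user and host (and group, if given) is active at `when`."""
    return any(g["user"] == user and g["host"] == host
               and (group is None or g["group"] == group)
               and ts(g["start"]) <= when < ts(g["end"]) for g in grants)


def detect(events, grants, period_end):
    alerts = []
    members = {}   # (host, group) -> current members, replayed from the change events
    for e in events:
        when = ts(e["ts"])
        if e["type"] == "admin_logon":
            if not covered(grants, e["user"], e["host"], when):
                alerts.append((e["ts"], "logon-outside-grant", f"{e['user']}@{e['host']}"))
        elif e["type"] == "group_change":
            current = members.setdefault((e["host"], e["group"]), set())
            (current.add if e["action"] == "add" else current.discard)(e["member"])
            if e["actor"] != PAM_SERVICE_ACCOUNT:
                alerts.append((e["ts"], "group-change-bypassing-pam",
                               f"{e['actor']} {e['action']} {e['member']} on {e['host']}:{e['group']}"))
    # Whatever is still in a JIT-managed group without a grant is standing privilege.
    for (host, group), current in sorted(members.items()):
        for member in sorted(current):
            if not covered(grants, member, host, period_end, group):
                alerts.append((period_end.isoformat(), "standing-member-without-grant",
                               f"{member} in {host}:{group}"))
    return alerts


def run_sample():
    return detect(load_events(EVENTS), GRANTS, datetime(2019, 9, 6, 18, 0))


if __name__ == "__main__":
    for when, rule, detail in run_sample():
        print(when, rule, detail)
```

On the sample, Joe's two approved sessions produce nothing, while his 3:00 p.m. logon to devsql01 (grant expired at 1:30 p.m.), Dave's logon to web01 with no grant at all, Joe adding svc_backup to Administrators during his 9:00 a.m. window, and svc_backup still being a member at the end of the day each raise an alert. The last two are the same incident seen twice, which is deliberate: the change event catches it in real time, the end-of-period sweep catches it even if the change event was lost.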


Next Steps
The goal of a mature PAM practice is to implement the principle of least privilege across
all privileged access use cases. Security and risk management leaders seeking to
properly mitigate the risk of standing privileged access must continue to mature their
PAM practice through the following:

- Immediately plan for removal of all personal privileged accounts, migrating that access into shared accounts managed by a PAM tool or to JIT/ZSP approaches.
- Upon completion of discovery of PAM use cases, weigh use cases against the “five W’s” (see Figure 2) to find additional use cases for JIT access and to map migration paths from vaulting and session management to JIT, if appropriate.
- Leverage the JIT capability that exists in your PAM tool, or if you’re choosing a PAM tool, evaluate JIT capabilities of vendors (including roadmapped items) as part of your selection process. While the entirety of PAM risk must be captured by a PAM tool, perhaps your most prominent PAM use, Windows server access, for example, can be addressed using a JIT approach.
- Tighten identity life cycles for users as part of an overall identity governance and administration strategy. Governance of administrative accounts is critical in a vaulting and session management approach. But a JIT approach depends on bulletproof identity life cycle management that guarantees no unauthorized users have access. Remember that normal user accounts have the potential to be granted administrative JIT access; thus normal accounts must be properly secured.

Evidence
Gartner recorded over 550 inquiries on PAM over the past 12 months. In talking with
clients about PAM, they regard it as a top security initiative, with clients at various
stages of maturity in implementation.
1 “2019 Data Breach Investigations Report,” Verizon.
