Restrict Access Using Just-in-time Security Practice.
To perform certain tasks as part of their business activity, some users may need administrative access to selected IT resources. Granting them full access all the time could potentially lead to various security issues. Therefore the Just in time access (JIT) comes into play. JIT allows administrators to grant access to required IT assets the users need but only for a limited time frame. This need based approach eliminates the standing privileges that bad actors could exploit and at the same time fulfilling the user's business needs. Just in time access follow a well-defined request release controls with automatic password resets.
Automated Approval Workflow and Access Management
Adhering to the four-eyes principle, no user can access critical systems without prior approval from appropriate business authority. When the users need access to a sensitive IT asset, they need to raise a request clearly stating their business need. The business approver will then review the request and grant time-limited permission for access if deemed necessary. The users will then be able to access the IT assets only during the given time. Once the time limit ends, the access will be revoked and the password will be reset automatically.
Flexibility to Grant Permanent and Temporary Access
Securden Unified PAM allows the administrators to grant permanent access or just-in-time access depending on specific requirements.
- For certain categories of users or specific IT assets/applications, permanent privileged access can be granted. This is helpful for employees who continuously work with admin interfaces.
- For other categories of users, You can selectively enforce request-release approval workflow which ensures temporary, just-in-time access.
One Time Password (OTP) or Disposable Password
Securden Unified PAM has a feature that allows users to access IT assets using One-time passwords or temporary passwords. When the access ends, the password will automatically change.
On-Demand and Advance Access Requests
Securden Unified PAM allows users to request access whenever required. This can be categorized as an On-Demand access request. Users can also submit requests in advance for planned activities. Both requests need a reason to justify their access so the administrators can verify and grant access.
Self-Service Requests
You can configure automated approvals for requests from specific categories of users such as senior developers or senior administrators. They need not have to wait for approvals. This feature comes in handy to handle scenarios like an approver going on vacation.
Fully Controlled Access and Session Recordings
Securden Unified PAM provides session management. This allows administrators to monitor the sessions in real-time and take control by terminating the sessions over any suspicious activity. Also, the recording feature allows the entire session to be recorded which can be played back anytime for forensics.
Trace Activities with Audit Trails
Every single privileged activity performed is recorded as an audit trail. A clean and complete audit trail not only improves privileged access governance but also helps organizations to comply with regulatory requirements. The audit logs include details such as who requested access, their business needs, who approved it and what they did with their access. You can also filter for a specific activity using text-based or command-based search.
