Privilege elevation allows users to perform administrative or sensitive tasks without having standing access. The idea of just-in-time (JIT) privilege elevation sounds simple enough—grant access only when it's needed, remove standing privileges, and stay fully in control of privileged resources.
While JIT privilege elevation greatly increases the control organizations have over privileged resources, waiting for administrators to approve access requests for every privileged task is time consuming.
PAM360 allows administrators to create access policies that dictate which users can access what resources, and for how long. These policies allow non-admin users to temporarily perform admin-level tasks without needing an administrators approval.
In the context of Windows systems, self-service privilege elevation allows users to elevate their accounts to perform admin-level actions. Local users can elevate their privileges to run applications with admin rights on the specific endpoints that their accounts reside. Domain users, on the other hand, can elevate their privileges across multiple endpoints within the same network, giving them domain-wide admin-level access.
In Linux systems, privileged access management applies more to the commands that users run rather than the applications they access. With self-service privilege elevation using PAM360, users can temporarily elevate their privileges using pre-approved access policies. During this period, they can run commands that require admin-level access to execute.
Letting users elevate their own privileges doesn't need to come at the cost of control. With PAM360, administrators can set clear boundaries on what elevated users can access, limiting them to only the resources required for their task. This makes privilege misuse easy to prevent without slowing down the task at hand.
Let's say an IT technician needs to install security updates on a Windows system. PAM360 lets admins grant elevated privileges to the technician so that they are only able to access the update tool and not all resources admins generally have access to.
The same applies for Linux environments. A DevOps engineer might need to modify a system file, and instead of giving them complete root access, PAM360 allows the user to run only a specific set of commands using elevated privileges. This ensures that privileged tasks are completed without having to expose critical resources.
PAM360 brings the balance between security and efficiency that all organizations crave. It incorporates JIT privilege elevation into an organization's workflow by making access request release workflows and self-service privilege available to employees at the click of a button. As a key pillar of privileged access management, JIT privilege elevation helps organizations eliminate standing privileges and secure their privileged resources.
Yes, PAM360 allows access to be granted only when needed, and revoked, following a streamlined request-release workflow before granting every permission.
Yes, PAM360 can enforce elevation through multi-level approval workflows and custom policies. This adds an extra layer of control before granting elevated access.