
Just-in-time privileged access management: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8151
Topic starter  

TL;DR: Standing privileges, hardcoded tokens, and slow approval loops keep expanding attack paths in cloud-native environments, while 58% of security leaders expect identities to grow further in the next year, according to Apono’s analysis. JIT PAM matters because access review assumes privilege lasts long enough to be governed; in practice, it often persists until it is already abused.

NHIMG editorial — based on content published by Apono: 7 Tips for Just-in-Time Privileged Access Management You Need to Implement Today

By the numbers:

  • 58% of security leaders expect the number of identities in their environment to grow further over the next year, according to Apono's analysis.
Questions worth separating out

Q: How should security teams implement just-in-time privileged access for cloud workloads?

A: Start by removing standing admin paths and replacing them with request-based, time-scoped access that expires automatically.

Q: Why do standing privileges create so much risk in cloud and CI/CD environments?

A: Standing privileges create durable attack paths because they survive beyond the original business need.

Q: How do you know if JIT privileged access is actually working?

A: Look for a shrinking number of always-on elevated accounts, fewer dormant roles, and complete records showing who requested access, who approved it, and when it expired.

Practitioner guidance

  • Audit standing privilege across humans and machines: run a full entitlement review across AWS roles, Kubernetes namespaces, service accounts, CI/CD tokens, and admin roles, then classify every privilege that persists beyond the task it was created for.
  • Convert recurring admin access into time-bound sessions: replace always-on elevated accounts with ephemeral credentials issued through policy at request time, and make automatic revocation the default when the session ends.
  • Apply the same control model to CI/CD and production workloads: treat pipelines, deployment jobs, and service accounts as governed identities that need the same least-privilege and expiry rules as human operators.

What's in the full article

Apono's full article covers the operational detail this post intentionally leaves for the source:

  • Step-by-step patterns for moving from standing privileges to request-based access in cloud environments.
  • Examples of how the vendor applies JIT to CI/CD, production systems, and emergency break-glass workflows.
  • Practical approval flow ideas for teams using Slack, Microsoft Teams, or command-line access requests.
  • Implementation guidance on combining automated expiry with audit logging and compliance evidence.

👉 Read Apono's guide to just-in-time privileged access best practices →
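The three guidance points above (audit standing privilege, convert it into time-bound sessions, and keep a record of who requested, who approved and when access expired) as one runnable illustration. This is an added example written for this post; it is not Apono's code and is not taken from the source article. The identities, role names, the 30-day dormancy window, the one-hour TTL ceiling and the "secops-oncall" approver are all assumptions chosen for the demo; a real deployment would feed the same logic from an IAM, Kubernetes or CI inventory instead of an in-memory list.

```python
"""Just-in-time privileged access ledger (added example; not Apono's code).

Models the three checks the post asks for: find standing elevated privilege,
replace it with time-bound grants that revoke themselves, and keep a record
of who requested, who approved and when access expired. Every principal,
role name and timestamp below is constructed sample data, not a real inventory.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the demo
DORMANT_AFTER = timedelta(days=30)   # assumed policy: unused this long => dormant
MAX_TTL = timedelta(hours=1)         # assumed policy: ceiling on any JIT session


@dataclass
class Grant:
    principal: str                   # human or machine identity
    role: str                        # privilege bound to it (hypothetical names)
    elevated: bool                   # True if the role is admin-level
    granted_at: datetime
    expires_at: Optional[datetime]   # None means standing: never expires on its own
    last_used: Optional[datetime] = None
    requested_by: str = ""
    approved_by: str = ""
    revoked_at: Optional[datetime] = None

    def is_active(self, now: datetime) -> bool:
        return self.revoked_at is None and (self.expires_at is None or now < self.expires_at)

    def is_standing(self) -> bool:
        return self.revoked_at is None and self.expires_at is None


def audit_standing(grants):
    """Step 1: every elevated privilege that persists with no expiry."""
    return [g for g in grants if g.is_standing() and g.elevated]


def find_dormant(grants, now):
    """Active grants not exercised within DORMANT_AFTER (never used => since issuance)."""
    return [g for g in grants
            if g.is_active(now) and now - (g.last_used or g.granted_at) > DORMANT_AFTER]


class JitBroker:
    """Step 2: issue time-scoped grants and revoke them automatically."""

    def __init__(self):
        self.ledger: list[Grant] = []

    def request(self, principal, role, requested_by, approved_by, ttl, now, elevated=True):
        if ttl > MAX_TTL:
            raise ValueError(f"ttl {ttl} exceeds policy ceiling {MAX_TTL}")
        if requested_by == approved_by:
            raise ValueError("self-approval is not allowed")
        grant = Grant(principal, role, elevated, now, now + ttl,
                      requested_by=requested_by, approved_by=approved_by)
        self.ledger.append(grant)
        return grant

    def revoke_expired(self, now):
        """Automatic revocation: anything past expires_at is closed at its expiry time."""
        closed = [g for g in self.ledger if g.revoked_at is None and g.expires_at <= now]
        for g in closed:
            g.revoked_at = g.expires_at
        return closed

    def audit_record(self, grant):
        """Step 3: the evidence an access review needs for one session."""
        return {"principal": grant.principal, "role": grant.role,
                "requested_by": grant.requested_by, "approved_by": grant.approved_by,
                "granted_at": grant.granted_at.isoformat(),
                "expires_at": grant.expires_at.isoformat(),
                "revoked_at": grant.revoked_at.isoformat() if grant.revoked_at else None}


def metrics(grants, now):
    """The 'is JIT working' numbers: always-on elevated, dormant, time-bound active."""
    return {"standing_elevated": len(audit_standing(grants)),
            "dormant": len(find_dormant(grants, now)),
            "time_bound_active": sum(1 for g in grants if g.is_active(now) and g.expires_at)}


def sample_inventory():
    """Constructed entitlement snapshot spanning AWS, Kubernetes and CI identities."""
    d = timedelta(days=1)
    return [
        Grant("alice", "aws:role/AdminAccess", True, NOW - 400 * d, None, last_used=NOW - 2 * d),
        Grant("ci-deploy-token", "k8s:cluster-admin", True, NOW - 200 * d, None),  # never used
        Grant("bob", "aws:role/ReadOnly", False, NOW - 90 * d, None, last_used=NOW - 1 * d),
        Grant("svc-backup", "aws:role/SnapshotWriter", True, NOW - 300 * d, None, last_used=NOW - 45 * d),
    ]


def demo():
    """Audit, convert standing admin to JIT, expire it, and return before/after evidence."""
    inventory = sample_inventory()
    before = metrics(inventory, NOW)
    for g in audit_standing(inventory):      # remove every always-on elevated path
        g.revoked_at = NOW
    broker = JitBroker()
    broker.request("alice", "aws:role/AdminAccess", requested_by="alice",
                   approved_by="secops-oncall", ttl=timedelta(minutes=30), now=NOW)
    after = metrics(inventory + broker.ledger, NOW)
    broker.revoke_expired(NOW + timedelta(minutes=31))   # scheduled sweep 31 minutes later
    records = [broker.audit_record(g) for g in broker.ledger]
    return before, after, records


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The `after` metrics are the answer to the "is JIT actually working" question: the standing-elevated and dormant counts should fall to zero, while every active elevated grant carries a requester, a distinct approver and an expiry that the sweep enforces without anyone remembering to revoke it. The never-used CI token is the case worth noticing: it is both standing and dormant, so it is exactly the durable attack path the post warns about.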
