TL;DR: Weaviate says it cut access-management time from two days to two hours a week by automating just-in-time privileged access across AWS, GCP, and Azure, eliminating standing cloud access and preserving developer workflow, according to ConductorOne. The real lesson is that zero trust succeeds when privilege is policy-bound, time-bounded, and operationally invisible to users.
NHIMG editorial — based on content published by ConductorOne: How Weaviate automated privileged access and turned zero trust into a customer win
Questions worth separating out
Q: How should security teams implement JIT access for cloud admin roles?
A: Start by mapping which cloud tasks truly require elevation and converting those permissions into task-scoped approvals with automatic expiry.
Q: Why does standing privilege create more risk in cloud environments?
A: Standing privilege keeps high-value permissions available even when no task is in progress, which expands the attack window and makes account misuse harder to contain.
Q: What do IAM teams get wrong about zero standing privilege?
A: They often treat it as a role-design project instead of an operating model.
Practitioner guidance
- Remove standing cloud admin access: Replace always-on cloud privileges with task-scoped elevation paths for AWS, GCP, and Azure.
- Embed access requests in developer tooling: Move approval and elevation workflows into the terminal or other native developer interfaces so users do not have to switch contexts or open tickets to do routine privileged work.
- Review privileged eligibility instead of assigned admin roles: Update access review processes to focus on who can activate privilege, how long access remains valid, and whether revocation happens automatically after the task completes.
What's in the full article
ConductorOne's full blog covers the operational detail this post intentionally leaves for the source:
- Step-by-step explanation of how policy-based JIT access was applied across cloud environments.
- Practical examples of CLI-native access workflows and how they fit developer operations.
- Details on custom connectors built with Baton SDK for customer-facing systems.
- The before-and-after access governance workflow that reduced weekly administration time.
Zero standing privilege for cloud access: what changes for IAM teams?
Explore further
Zero standing privilege is no longer just a hardening control; it is a scaling control. The post shows that standing cloud access creates both security exposure and operational drag when teams grow beyond a small startup model. Once manual access review and on/offboarding consume staff time every week, the governance issue becomes structural. Practitioners should treat persistent privilege as a maturity ceiling, not a convenience.
A few things that frame the scale:
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to the Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, which shows how often lifecycle controls lag behind access design.
A question worth separating out:
Q: How can organisations tell whether privileged access automation is working?
A: Look for fewer standing admin accounts, shorter access fulfilment times, and a lower percentage of access requests that require manual intervention. If users still bypass the process or if reviews cannot show who had privilege, when, and for how long, the programme is only partially working.
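One way to run that check over an export of privileged-access grants, as an added example that is not code from ConductorOne or Weaviate. The record fields, users, roles and timestamps are constructed for illustration, and a grant past its expiry with no revocation record is assumed to be still live because its end cannot be shown.

```python
from datetime import datetime, timedelta
from statistics import median

T0 = datetime(2024, 1, 8, 9, 0)  # constructed reference time

def at(minutes):
    return T0 + timedelta(minutes=minutes)

# Constructed sample export; field names are assumptions, not a vendor schema.
GRANTS = [
    {"user": "alice", "role": "aws-admin", "requested": at(0), "granted": at(2),
     "expires": at(62), "revoked": at(62), "approval": "auto"},
    {"user": "bob", "role": "gcp-owner", "requested": at(10), "granted": at(40),
     "expires": at(100), "revoked": None, "approval": "manual"},
    {"user": "carol", "role": "azure-owner", "requested": at(-5000), "granted": at(-5000),
     "expires": None, "revoked": None, "approval": "manual"},
    {"user": "dave", "role": "aws-admin", "requested": at(20), "granted": at(24),
     "expires": at(84), "revoked": at(50), "approval": "auto"},
]

def review(grants, now):
    """Summarise standing privilege, fulfilment time, manual share and exposure."""
    # Standing: no expiry and never revoked, so the privilege is always on.
    standing = [g["user"] for g in grants
                if g["expires"] is None and g["revoked"] is None]
    # Overdue: expiry has passed but no revocation was ever recorded.
    overdue = [g["user"] for g in grants
               if g["expires"] and g["expires"] <= now and g["revoked"] is None]
    # Fulfilment time and manual share are measured over time-bounded grants only.
    jit = [g for g in grants if g["expires"] is not None]
    waits = [(g["granted"] - g["requested"]).total_seconds() / 60 for g in jit]
    manual = sum(g["approval"] == "manual" for g in jit)
    # Who had privilege and for how long: unrevoked grants count up to `now`.
    exposure = {g["user"]: ((g["revoked"] or now) - g["granted"]).total_seconds() / 60
                for g in grants}
    return {
        "standing_users": standing,
        "overdue_users": overdue,
        "median_fulfilment_min": median(waits) if waits else None,
        "manual_pct": round(100 * manual / len(jit), 1) if jit else 0.0,
        "exposure_min": exposure,
    }

if __name__ == "__main__":
    for key, value in review(GRANTS, at(180)).items():
        print(f"{key}: {value}")
```

Tracking these figures per review cycle shows whether the standing and overdue lists shrink and whether the manual share falls over time.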
👉 Read our full editorial: Automated privileged access exposes the limits of zero standing access