Zero standing privilege for cloud access: what changes for IAM teams?


(@nhi-mgmt-group)

TL;DR: Weaviate says it cut access-management time from two days to two hours a week by automating just-in-time privileged access across AWS, GCP, and Azure, eliminating standing cloud access and preserving developer workflow, according to ConductorOne. The real lesson is that zero trust succeeds when privilege is policy-bound, time-bounded, and operationally invisible to users.

NHIMG editorial — based on content published by ConductorOne: How Weaviate automated privileged access and turned zero trust into a customer win

Questions worth separating out

Q: How should security teams implement JIT access for cloud admin roles?

A: Start by mapping which cloud tasks truly require elevation and converting those permissions into task-scoped approvals with automatic expiry.

Q: Why does standing privilege create more risk in cloud environments?

A: Standing privilege keeps high-value permissions available even when no task is in progress, which expands the attack window and makes account misuse harder to contain.

Q: What do IAM teams get wrong about zero standing privilege?

A: They often treat it as a role-design project instead of an operating model.

Practitioner guidance

  • Remove standing cloud admin access: Replace always-on cloud privileges with task-scoped elevation paths for AWS, GCP, and Azure.
  • Embed access requests in developer tooling: Move approval and elevation workflows into the terminal or other native developer interfaces so users do not have to switch contexts or open tickets to do routine privileged work.
  • Review privileged eligibility instead of assigned admin roles: Update access review processes to focus on who can activate privilege, how long access remains valid, and whether revocation happens automatically after the task completes.

What's in the full article

ConductorOne's full blog covers the operational detail this post intentionally leaves for the source:

  • Step-by-step explanation of how policy-based JIT access was applied across cloud environments.
  • Practical examples of CLI-native access workflows and how they fit developer operations.
  • Details on custom connectors built with Baton SDK for customer-facing systems.
  • The before-and-after access governance workflow that reduced weekly administration time.

👉 Read ConductorOne's post on automated privileged access and zero standing privileges →
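
The access-review questions in the practitioner guidance (does a grant expire, how long is the window, was it revoked automatically), sketched as an added example that is not part of the original post or of ConductorOne's article. The grant records, field names, the 4-hour window and the 5-minute revocation grace are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_WINDOW = timedelta(hours=4)      # assumed policy ceiling for one elevation
REVOKE_GRACE = timedelta(minutes=5)  # assumed tolerance for automatic revocation

# Constructed sample inventory; the field names are hypothetical, not a vendor schema.
GRANTS = [
    {"principal": "dev-a", "cloud": "aws", "role": "admin",
     "granted": "2024-05-01T09:00:00+00:00", "expires": "2024-05-01T11:00:00+00:00",
     "revoked": "2024-05-01T11:00:00+00:00"},
    {"principal": "dev-b", "cloud": "gcp", "role": "owner",
     "granted": "2023-11-12T08:00:00+00:00", "expires": None, "revoked": None},
    {"principal": "dev-c", "cloud": "azure", "role": "contributor",
     "granted": "2024-05-01T08:00:00+00:00", "expires": "2024-05-03T08:00:00+00:00",
     "revoked": None},
    {"principal": "svc-d", "cloud": "aws", "role": "admin",
     "granted": "2024-05-01T06:00:00+00:00", "expires": "2024-05-01T07:00:00+00:00",
     "revoked": None},
]

def _ts(value):
    return datetime.fromisoformat(value) if value else None

def review_grant(grant, now):
    """Return findings for one grant: standing, window_too_long, not_auto_revoked."""
    granted, expires, revoked = (_ts(grant[k]) for k in ("granted", "expires", "revoked"))
    if expires is None:
        # No expiry: the privilege exists whether or not a task is in progress.
        return [] if revoked else ["standing"]
    findings = []
    if expires - granted > MAX_WINDOW:
        findings.append("window_too_long")
    overdue = now > expires + REVOKE_GRACE
    if (revoked is None and overdue) or (revoked and revoked > expires + REVOKE_GRACE):
        findings.append("not_auto_revoked")
    return findings

def review(grants, now):
    """Map principal -> findings, listing only grants that break the policy."""
    results = {g["principal"]: review_grant(g, now) for g in grants}
    return {who: found for who, found in results.items() if found}

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for who, found in review(GRANTS, now).items():
        print(who, found)
```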
