<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

Life's like a box of chocolates 🍫 Your access shouldn't be. Register for our new webinar.

Search
Close icon
Search bar icon

Feature Deep Dive: Access Workflows

StrongDM manages and audits access to infrastructure.
  • Role-based, attribute-based, & just-in-time access to infrastructure
  • Connect any person or service to any infrastructure, anywhere
  • Logging like you've never seen

Standing Credentials. They’re a problem that seems to persist despite the latest security and access innovations. They’re also one of the main reasons that achieving zero trust is so hard–and enough of a problem that two strategic security initiatives have come to the forefront: Just-in-Time (JIT) access and Zero Standing Privileges (ZSP).

The risk presented by standing credentials is very straightforward: always-on credentials equals always-on risk. It can be ransomware, credential stuffing, insider threats, or any other attack that uses credentials to gain access to your organization. That’s why eliminating standing privileges is critical to eliminating your surface of attack. Fewer credentials that exist in perpetuity are fewer opportunities for bad actors to gain access to your organization.

From standing access to JIT

In fact, a StrongDM study showed that, on average, 85% of credentials had not been used in the last 90 days. And all of those credentials represent an attack vector for bad actors–that's a risk that you don’t need to take on, much less maintain perpetually.

Unfortunately, achieving Zero Standing Privileges (ZSP) has significant challenges. These include:

  • Lack of simplicity for end-users to request access and have it provisioned
  • The inability for admins to easily track and manage new and existing permissions
  • Admins are unable to easily de-provision access across multiple tools and environments at scale

While the three points above may seem simple, that impact is significant. 

  • Users get over-provisioned due to the complexity and overhead of provisioning systems
  • Over-provisioned access becomes over-provisioned standing access, increasing your attack surface
  • The complexity of audits and investigations is increased 

The leading blocker for reducing this risk is simple: there’s no easy way to grant just-in-time access at scale across your organization. The overhead incurred from access requests and the delays in productivity from dev teams makes it prohibitively expensive and time-consuming to address this problem manually. That’s why we built StrongDM Access Workflows.

StrongDM Access Workflows

StrongDM Access Workflows ensures that your team can get access to the tools they need when they need it and also makes it possible to remove that access just as quickly. This approach eliminates standing credentials by streamlining access requests that meet security policies. StrongDM Access Workflows delivers:

  • Enhanced Security: Access is only granted for a specified duration eliminating the need for standing access and reducing the overall attack surface.
  • Improved Efficiency: Easier to manage user rights with JIT access; no need to keep track of who has standing permissions.
  • Reduced Insider Threats: No more persistent access to sensitive data. With JIT, the potential damage an insider can cause is confined to a narrow access window.

Furthermore, StrongDM Access Workflows significantly improve the end-user experience. End-users have an individualized Access Catalog to resources available based on their role or resource attributes (i.e., environment tags, geo-location, etc.). Users request access and connect based on human or automated approval. Here’s an example of a workflow in StrongDM:

StrongDM Access Workflows Example

By implementing workflows that streamline access requests, grants, and revocation, you can ensure that access only exists when it’s needed and automatically expires. The result is the inability of bad actors to use standing credentials (because they’ve been eliminated), and your overall threat surface has also been reduced.

Access requests can also be made via common tools in your stack or via ChatOps and service desks. For example, StrongDM Access Workflows for Slack enables your team to request and approve workflows through direct integration with Slack, limiting context switching and helping your team to continue to use everyday tools while securing access. Check out the video below as an example:

Trying to reach Zero Standing Privileges? We can help.

When standing access is reduced, your attack surface is as well. StrongDM was designed to help you achieve true Just-in-Time access and reach Zero Standing Privileges while making your end-users life easier. Implement Just-in-Time access across all your resources on-premises and in the cloud and meet your security policies. StrongDM’s Access Workflows improve the management of access requests at scale while maintaining the highest security standard. To see StrongDM in action, sign up for a demo here.


About the Author

, Technical Marketing Expert, has held marketing leadership roles for Silicon Valley technology companies specializing in database, data management, and data analytics solutions. As head of content marketing at Splunk, Dominic contributed to boosting the company’s market visibility and its growth from a $100M to a $1.3B company. He brings relentless creativity to the task of connecting people with technical products to improve their lives. Dominic holds a B.S. degree in Public Relations from the University of Texas at Austin. To contact Dominic, visit him on LinkedIn.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

Vendor Access Management (VAM) Explained
Vendor Access Management (VAM) Explained
Vendor Access Management (VAM) is the systematic control and oversight of vendor access to an organization's systems, applications, and data. It involves processes such as onboarding and offboarding vendors, utilizing solutions for Just-in-Time access, ensuring security, and streamlining workflows to minimize operational inefficiencies.
What Is Fine-Grained Access Control? Challenges, Benefits & More
What Is Fine-Grained Access Control? Challenges, Benefits & More
Fine-grained access control systems determine a user’s access rights—to infrastructure, data, or resources, for example—once past initial authentication. Unlike coarse-grained access control (CGAC), which relies on a single factor, such as role, to grant access, FGAC relies on multiple factors. For example, it may consider policies (policy-based access control, or PBAC), attributes (attribute-based access control, or RBAC), or a user’s behavior in a certain context (behavior-based access control, or BBAC).
Implicit Trust vs. Explicit Trust in Access Management
Implicit Trust vs. Explicit Trust in Access Management
Trust is an essential cornerstone in access management. However, not all trust is created equal. When it comes to how you approach access, two types of trust stand out: implicit trust and explicit trust.
Joiners, Movers, and Leavers (JML) Process (How to Secure It)
Joiners, Movers, and Leavers (JML) Process (How to Secure It)
People come, and people go, and while digital identities should cease to exist after a departure, many times, this doesn’t happen. At any given time, organizations can have thousands of user identities to manage and track, so when processes aren’t automated, it’s easy for many identities to fall through the cracks. This phenomenon is called Identity Lifecycle Management, and when it comes to access and security, it’s worth the time to get it right.
Reduce Security Risk with StrongDM Device Trust
Reduce Security Risk with StrongDM Device Trust
We are thrilled to announce a new feature to our StrongDM® Dynamic Access Management (DAM) platform: Device Trust. This feature amplifies your organization's security posture by employing device posture data from endpoint security leaders CrowdStrike or SentinelOne.