11-19-2023 09:07 PM
Hi All,
Can I check where I can find more details on the CIEM JIT functionality?
https://www.paloaltonetworks.com/prisma/cloud/cloud-infrastructure-entitlement-mgmt
"Just-in-Time (JIT) Access
Provides a Zero Trust approach to permission management by limiting access to resources based on specific time-limited permissions. Users and machine identities can be granted access only when they need it and for a limited time, reducing the overall attack surface and exposure of critical resources to potential threats."
How does it plan to provide zero standing access for AWS IAM Identity Center and other cloud providers?
Thanks
Raj
11-20-2023 03:13 PM
Hi Rajnishnsit2000,
Prisma Cloud CIEM is purpose-built to directly solve the challenges of managing permissions across AWS, Azure, and GCP. Prisma Cloud CIEM automatically calculates users' effective permissions across cloud service providers, detects overly permissive access, and suggests corrections to reach least privilege.
Specific to your question about zero standing access to AWS:
On a high level, Prisma Cloud's CIEM Module consists of 3 Pillars (Source, Granter, and Destination). The module integrates with identity provider (IdP) services like AWS IAM Identity Center and Okta to ingest single sign-on (SSO) data. It allows identities to request temporary access to resources on an as-needed basis, reducing the risk of having long-lasting unused permissions. With the JIT functionality, users and machine identities can be granted access only when they need it and for a limited time, reducing the overall attack surface and exposure of critical resources to potential threats. For example, a user/machine may need to perform a job only at 9:30 am for 30 minutes. With JIT, you make sure that the user/machine has a role that allows access only during that time and for that duration.
To learn more about Zero Standing Privileges (ZSP) and how they work: https://www.strongdm.com/blog/zero-standing-privileges
References/Resources: You can find some great detailed resources about Prisma Cloud CIEM module here at the following links:
Let us know if this helps with your inquiry, or if you have further questions.
Thank you,
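
The 9:30 am / 30-minute window from the reply above can be expressed in AWS IAM as a date condition on `aws:CurrentTime`. The sketch below is an added example, not Prisma Cloud's implementation or code from this thread; the function names, date, action and bucket ARN are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"  # ISO 8601 UTC, the form IAM date conditions accept


def jit_policy(actions, resources, start, minutes):
    """Build an IAM policy that allows `actions` only inside the time window."""
    end = start + timedelta(minutes=minutes)
    to_utc = lambda ts: ts.astimezone(timezone.utc).strftime(TS_FMT)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "JitWindow",
            "Effect": "Allow",
            "Action": actions,
            "Resource": resources,
            "Condition": {
                "DateGreaterThan": {"aws:CurrentTime": to_utc(start)},
                "DateLessThan": {"aws:CurrentTime": to_utc(end)},
            },
        }],
    }


def window_allows(policy, now):
    """Check only the date conditions locally (this is not a full IAM evaluator)."""
    cond = policy["Statement"][0]["Condition"]
    parse = lambda s: datetime.strptime(s, TS_FMT).replace(tzinfo=timezone.utc)
    start = parse(cond["DateGreaterThan"]["aws:CurrentTime"])
    end = parse(cond["DateLessThan"]["aws:CurrentTime"])
    return start < now < end


# Constructed sample: a 30-minute window starting at 09:30 UTC.
START = datetime(2023, 11, 21, 9, 30, tzinfo=timezone.utc)
POLICY = jit_policy(["s3:GetObject"], ["arn:aws:s3:::example-bucket/*"], START, 30)

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
```

A policy like this only bounds when the permission is usable; granting the role on request and removing the assignment afterwards is the part a JIT workflow adds on top.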
11-20-2023 06:49 PM
Hi Wlejulus,
Thanks a lot for providing all the details.
Does Palo Alto CIEM cover all 3 major cloud providers: AWS, Azure & GCP?
And do you have some more config details around this specific zero standing privileges feature set?
Thanks
Raj
12-13-2023 02:11 PM
Hi Raj,
Yes, AWS, Azure, and GCP are supported for CIEM.
Zero Standing Privileges is a concept of requiring users to obtain access as needed and when needed instead of granting continuous access rights. More config details can be found here:
Regards,