We implemented JIT access for our privileged accounts. Auditor asked what the engineers actually did during those sessions. We had no answer.

We moved our prod environment privileged access to a JIT model about 14 months ago. Engineers request elevated access through a workflow, it gets approved, they get a time-limited role, it expires after 2 hours. Thought we had done everything right. Least privilege, approval trail, automatic expiration.

SOC 2 Type II audit started last quarter. Auditor pulled our JIT access logs and said "great, I can see who requested access, who approved it, and when it expired. Now show me what they did with it."

We did not have that. We have CloudTrail in AWS so some API calls are logged, but for database access, for SSH sessions into instances, for any interactive work that happened inside the network boundary, we had call logs with no context and in some cases nothing at all. The JIT system told us a person had access for 2 hours.…
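An added example, not from the original post, of the correlation step the auditor was asking for: joining each JIT grant window to the CloudTrail events recorded for that user, so every session yields a list of API calls, a flag when no activity evidence exists at all (the SSH/database gap described above), and a list of privileged events that fall inside no grant window. The grant and event records are constructed sample data, the field names are assumptions rather than any vendor's schema, and `userName` stands in for the mapping from an assumed-role session back to the requesting human.

```python
from datetime import datetime, timedelta, timezone

# Constructed JIT grant records (field names are assumptions, not a vendor schema).
JIT_GRANTS = [
    {"id": "g-1", "user": "alice", "approver": "bob", "start": "2024-03-01T09:00:00Z", "ttl_min": 120},
    {"id": "g-2", "user": "carol", "approver": "bob", "start": "2024-03-01T14:00:00Z", "ttl_min": 120},
]

# Constructed CloudTrail-style events, reduced to the three fields used here.
# userName is assumed to already be the human behind the JIT session; with real
# assumed-role identities the role session name has to be mapped back to the requester.
CLOUDTRAIL_EVENTS = [
    {"eventTime": "2024-03-01T09:15:00Z", "eventName": "ModifyDBInstance", "userName": "alice"},
    {"eventTime": "2024-03-01T10:50:00Z", "eventName": "RebootInstances", "userName": "alice"},
    {"eventTime": "2024-03-01T11:30:00Z", "eventName": "DeleteSnapshot", "userName": "alice"},  # after g-1 expired
    # carol (g-2) has no CloudTrail events at all: only SSH/database work, which this source never sees.
]

def ts(s):
    """Parse the ISO-8601 UTC timestamp format CloudTrail uses."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def correlate(grants, events):
    """Build per-session evidence from grant windows and API-call logs.

    Returns (sessions, orphans): sessions maps grant id -> the API calls made
    inside that window plus a flag when there is no activity evidence at all;
    orphans lists events that fall inside no grant window for their user.
    """
    sessions, matched = {}, set()
    for g in grants:
        start = ts(g["start"])
        end = start + timedelta(minutes=g["ttl_min"])
        calls = []
        for i, e in enumerate(events):
            if e["userName"] == g["user"] and start <= ts(e["eventTime"]) < end:
                calls.append(e["eventName"])
                matched.add(i)
        sessions[g["id"]] = {
            "user": g["user"], "approver": g["approver"],
            "window": (start.isoformat(), end.isoformat()),
            "api_calls": calls,
            "no_activity_evidence": not calls,  # the gap the auditor found
        }
    orphans = [e for i, e in enumerate(events) if i not in matched]
    return sessions, orphans

if __name__ == "__main__":
    sessions, orphans = correlate(JIT_GRANTS, CLOUDTRAIL_EVENTS)
    for gid, s in sessions.items():
        print(gid, s["user"], s["api_calls"], "NO EVIDENCE" if s["no_activity_evidence"] else "")
    for e in orphans:
        print("privileged event outside any grant window:", e)
```

A grant flagged with no evidence is exactly a session where CloudTrail cannot answer "what did they do", which is where session recording or query logging for the SSH and database paths has to fill in.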