Sonrai Security has launched Just-in-Time (JIT) Access, a new capability in our Cloud Permissions Firewall that eliminates the need for standing privileges in AWS environments.
Standing privileges create unnecessary risk, but removing them has traditionally meant either compromising operational speed during break-glass scenarios or implementing cumbersome solutions.
Our JIT Access capability eliminates this trade-off by providing temporary, on-demand access through cloud-native controls. No jump boxes. No proxies. No friction.
The Problem with Standing Access
Most security teams recognize that persistent access is a significant risk, especially when it comes to highly privileged roles in sensitive environments. Yet the reality remains: Engineers often retain admin-level permissions they rarely use “just in case.”
This approach:
- Creates an unnecessarily large permissions attack surface
- Violates Zero-Trust security principles
- Provides attackers with persistent pathways during a breach
- Makes compliance with least privilege mandates virtually impossible
AWS recommends that production environments be the exclusive domain of non-human identities from inception to execution. Sonrai now makes that recommendation achievable without sacrificing operational efficiency.
Cloud-Native JIT for Modern Cloud Operations
Sonrai’s JIT capability extends our Cloud Permissions Firewall to control the permissions used in your running cloud: when and how sensitive access is granted.
The Sonrai Difference
- Built for AWS: Leverages customer-managed IAM policies rather than requiring external proxies or jump boxes
- True cloud-native enforcement: Permission controls operate through native AWS IAM. No network rerouting, no proxies
- Frictionless workflows: Integrates with Slack, Teams, and your existing SSO, right where your teams already work
- Part of a complete solution: JIT operates within our comprehensive Cloud Permissions Firewall, not as a disconnected tool
How It Works: Practical, Powerful, Precise
1. Flexible Permission Set Enrollment
Security teams can designate specific permission sets (like production admin roles) for JIT control at any level of the AWS hierarchy—organization-wide, at the OU level, or for specific accounts. Enrollment takes seconds, and controls are instantly enforced.
2. Streamlined Request and Approval Workflows
Just-in-Time Access integrates directly with your ChatOps tools, so teams can manage access in the platforms they already use.
When access is needed, users have two options:
- Reactive requests: A user attempts an action in AWS, is blocked by the Cloud Permissions Firewall, and receives an automated prompt in Slack or Microsoft Teams to request access.
- Proactive requests: A user initiates access ahead of time using a simple Slack command. The system displays eligible permission sets, allowing the user to select the access needed, specify duration, and include justification.
Approvers review requests, determine session lengths, and require context such as a JIRA ticket or business reason. Once approved, access is granted immediately and automatically removed when the session ends.
All access activity is tracked and logged, ensuring auditability without slowing down operations.
3. Real-Time Session Monitoring and Control
Administrators gain complete visibility into all active JIT sessions directly from the Cloud Permissions Firewall dashboard:
- See who has active elevated access
- Monitor time remaining on each session
- Terminate sessions instantly if needed
4. AI-Powered Session Summaries
Traditional Privileged Access Management (PAM) tools rely on cumbersome screen recordings that nobody actually watches. Sonrai takes a modern approach, analyzing logs and generating AI-powered summaries of session activities. This provides full auditability without the storage overhead or privacy concerns of screen recording.
5. Deny-First Security by Default
Sonrai enforces a default deny stance on enrolled permission sets. This prevents the creation of new permission sets as a workaround, ensuring complete coverage without manual maintenance.
Real-World Use Cases
Sonrai’s JIT Access is designed for critical, high-value scenarios where temporary elevated access is necessary:
- Developer troubleshooting: When engineers need temporary access to logs or systems in production to diagnose issues
- Break-glass emergency access: For those rare but critical situations where immediate intervention is required
- Time-limited projects: When teams need elevated access for short-term initiatives
- Controlled environment transitions: When moving changes between staging and production environments
In each case, access is precise, fully audited, and automatically time-bound.
Get Started
Ready to take control of sensitive access without slowing down your teams? Sonrai’s Just-in-Time Access makes it easy to grant elevated permissions only when they’re needed, with full visibility, auditability, and policy-backed enforcement.
See how fast you can improve access controls and reduce operational overhead.
Sonrai Security’s Cloud Permissions Firewall with Just-in-Time Access is available now for AWS environments.