JIT: Just-In-Time Access
ZSP: Zero Standing Privileges
If you work in Cybersecurity IAM Domain, you may be familiar with terms Just-In-Time provisioning and Zero Standing Privileges. Generally these terms are used interchangeably but both are slightly different. ZSP can be considered as the progression of JIT but both have same end goal i.e. to improve the security posture.
JIT allows users to gain privilege or elevate access in the systems/applications when they need. JIT is associated with a time-frame that means users will gain privileged access for a particular time-period and once the time is over, privileges will be revoked from the user.
ZSP focuses on no persistent access to users in the systems or applications. Every time users need to request access that they need to perform their job duties and privileges will be revoked immediately after use.
Difference: Biggest differences between JIT and ZSP are
- JIT allows users to gain access for a particular time-period but ZSP allows users to gain access for specific tasks
- JIT is time-bound and ZSP is task(s) bound
JIT: User requests privileged access for a particular time-frame say 8 hours and once request is approved, user will have the access for 8 hours and access will be revoked when time is over. No additional approval is required in that 8 hours window.
ZSP: User can request privileged access to perform a particular task and access will granted after the approvals. Access will revoked immediately on task completion. If user needs access again to perform another task, new approval will be required before access can be granted.
Both security principles help prevent accidental misuse and targeted attacks, minimize security risk and reduce attack surface but ZSP is based on Zero Trust implementation requires reauthorization for each task.
