Glossary

What are Joiners-Movers-Leavers (JML)?

Joiners-Movers-Leavers (JML) is a concept used in user access management aimed at controlling the entrance, movement, and exit of users within an organization's network or systems. The 'Joiners' segment refers to the new users or employees who are added to the network, requiring certain permissions and resources to execute their duties. The 'Movers' are those that transition within the organization, which could involve requiring different sets of privileges or access to execute new roles. Lastly, the 'Leavers' are users that exit the organization, thereby necessitating the deprovisioning of their access to systems and company data.

Why JML Exists and Who Needs It

JML management exists to ensure that users have the appropriate levels of system access to fulfill their duties while ensuring the security of the organization's data and systems. This is particularly important as improper access management can lead to data breaches, misuse or theft of sensitive information, and even hamper productivity due to employees lacking the necessary access rights. HR teams primarily coordinate JML processes, but it's also vital for IT administrators to manage these changes. Essentially, JML benefits all organizations that prioritize data protection, manage a host of users, and comply with data protection regulations.

Usage and Commonality of JML

JML is predominantly executed through Identity and Access Management (IAM) tools that automate the process. The tech team proactively manages user privileges, especially with role changes (Movers) and terminations (Leavers) to prevent unauthorized access to sensitive information. Common uses of JML processes include onboarding new employees, role changes, offboarding of leaving employees, and compliance reporting. JML is quite common in medium to large-scale organizations where proper access management becomes increasingly critical and complex.

JML in the Context of Cloud Infrastructure and SaaS

In the context of cloud infrastructure and Software-as-a-Service (SaaS), JML is a critical component of IAM. With numerous applications accessible from any location, managing who has access to what becomes a complex task. However, advanced IAM solutions provide automated processing of JML requests, ensuring user access is granted, altered, or revoked in an appropriate and timely manner. These automated processes reduce the possibility of human error, thus mitigating potential access-related security risks.

By adopting a least privilege approach, organizations can align their JML model with best practices in cybersecurity. This approach ensures users are granted only the absolute necessary permissions to carry out their tasks, thereby minimizing the risk of rogue or erroneous actions that compromise data security. Thus, an effective JML model becomes necessary in achieving a secure and efficient DevOps environment.

Joiners-Movers-Leavers (JML)

FAQ

What do "Joiners", "Movers", and "Leavers" refer to in the context of IAM and permission management?

These terms refer to three stages in a user's lifecycle within an organization. "Joiners" are those who are new to the organization and need access privileges set up. "Movers" are existing employees who have changed roles within the organization and thereby need their access privileges updated. "Leavers" are those who have left the organization and should have all their access privileges revoked to ensure cybersecurity.

How does a concept like “least privilege access” apply to Joiners, Movers, and Leavers?

“Least privilege access” means giving users only the permissions they need to perform their jobs. For "Joiners", they should be given just the right amount of permissions necessary for their job and not more. When users become "Movers", their permissions need to be updated to match their new role and unnecessary permissions revoked. For "Leavers", all permissions should be removed to prevent unauthorized access.

What challenges arise around Joiners-Movers-Leavers in SaaS or cloud infrastructure?

One of the primary challenges is managing access across multiple SaaS applications or cloud environments. As employees join, move within, or leave the organization, it can be complex to ensure the right access is granted or revoked in a timely manner. Another challenge is ensuring temporary or just-in-time access, necessary for contractors or temporary staff, is properly managed and revoked when no longer necessary.

Why is a systematic approach to Joiners-Movers-Leavers crucial in DevOps and cybersecurity?

A systematic approach provides a well-defined, predictable, and repeatable process for managing changes in user access. This helps prevent unauthorized access or privileges escalating beyond what is necessary for a user's job. Proper management of user access is a critical component of cybersecurity, and it is especially important in a DevOps environment where rapid changes are common.

How is temporary access managed for Joiners and Leavers in the context of Joiners-Movers-Leavers?

Temporary access should be managed based on the principle of least privilege. For "Joiners", temporary access might be granted as a part of onboarding until permanent roles and permissions are established. For "Leavers", all access, including temporary access, should be immediately revoked upon their departure from the organization. Proper tracking and management systems are crucial to ensure temporary access is not forgotten and left open.

It's 2024,

See how easy it is to automate

Automated Access Management Platform - Entitle - Limit cloud access without pushback

Entitle is a seamless way to grant employees granular and just-in-time access within cloud infra and SaaS.