SINGAPORE, 17 JULY 2026 – Keeper Security, a leading zero-trust and zero-knowledge identity security and Privileged Access Management (PAM) platform, has announced Keeper Privileged Cloud, a capability that launched within KeeperPAM earlier this year. The solution delivers Just-In-Time (JIT) access and zero standing privilege across cloud identity providers including AWS IAM, Azure Entra ID, Google Cloud Platform, Okta and Active Directory, ensuring privileged credentials exist only for the duration of an approved session and are automatically revoked once that session ends. By eliminating the window in which unused privileged credentials linger in cloud identity platforms, Keeper Privileged Cloud shrinks the attack surface to the exact moments access is actually in use, removing dormant permissions that adversaries could otherwise exploit.
According to Keeper’s research, 64% of organizations lack fully consolidated privileged access governance, and 43% still allow direct application logins that bypass their identity provider entirely. These gaps leave privileged credentials sitting in cloud identity platforms long after the work requiring them is finished, creating standing footholds that attackers actively look for.
How It Works
When a user submits a request for elevated access and it is approved, Keeper Privileged Cloud applies the access level pre-configured by an administrator for that request type, such as a specific role or group scoped to a defined set of permissions, and adds temporary group membership or role assignment in the target identity platform, time-bound to the approved window. Once access is granted, the user launches the target console or application directly from the Keeper Vault through Remote Browser Isolation, with every action in the session recorded and analyzed in real time by KeeperAI. When the approved window expires, KeeperPAM automatically removes the elevated access. No standing accounts are created, no privileged credentials are shared with end users, and no manual cleanup is required.
One Platform, One Audit Trail
Most organizations attempt to close the standing privilege gap by piecing together JIT access from their identity provider, PAM tool and cloud provider, a fragmented approach that results in three systems, three audit trails and no single point of enforcement. Keeper Privileged Cloud consolidates these functions into one platform spanning password management, secrets management, session management and endpoint privilege management. Because the capability is native to KeeperPAM rather than bolted on through a third-party connector, access governance, credential protection and audit all operate within the same zero-knowledge architecture from the start.
This governance model also extends to non-human identities and AI agents, with every identity, human or machine, receiving only the access a task requires, for the duration of that task, along with a complete audit record. Organizations need no separate tools, vendors or integration projects to achieve this level of control.
Craig Lurey, CTO and Co-founder of Keeper Security, said the core challenge with standing privileges is that removing them requires coordination across multiple systems that were never designed to work together. He noted that most JIT access tools are added after the fact, layered on top of systems that were never built to revoke access automatically. According to Lurey, because Keeper Privileged Cloud was built into KeeperPAM from the ground up rather than layered on afterward, access governance, credential protection and audit all live within the same zero-knowledge architecture, which he described as the only way zero standing privilege can hold up at scale instead of becoming yet another system to maintain.
