Technology Insights HOME | Perspectives from Our Experts on Technology Trends and Risks

Technology Insights HOME

Perspectives from Our Experts on Technology Trends and Risks.

Search

ARTICLE

3 mins to read

Emerging Trends in IAM – Part 2: Using the Sunlit Approach to Simplify RBAC

A fully evolved role-based access controls (RBAC) system is often the dream...
Pierce Chakraborty

Managing Director - Security and Privacy

Jeffrey McDonald

Associate Director - Security and Privacy

Views
Larger Font
3 minutes to read

The hybridization of the workforce and subsequent challenges within the IAM world have resulted in many organizations beginning (or reimagining) their journey toward building a mature identity program. As mentioned in our previous post, Emerging Trends in IAM: Simplified Engineering, Protiviti has observed several new trends in the IAM space. This series evaluates those key trends that organizations will focus on over the next few years. This post highlights how organizations can use the Sunlit Approach to simplify role-based access controls.

A fully evolved role-based access controls (RBAC) system is often the dream scenario in the minds of IT security professionals. Provisioning and de-provisioning user access using curated roles automatically aligned to and changing based on a user’s job function is often looked at as the promised land for managing user access. However, as many security professionals have discovered, the dream of a fully fleshed-out RBAC program can quickly turn into a nightmare if the scope of role creation quickly balloons past a manageable level and too many roles are created, bombarding users with more choices than they can handle.

In this scenario, the overabundance of service desk tickets cannot be reduced and role maintenance overhead will grow exponentially. Too many RBAC projects have suffered this fate, however, a new approach to deploying RBAC can help. At Protiviti, we refer to this as the Sunlit Approach.

What is the Sunlit Approach?

Every ocean’s water column has five main zones: the Sunlit Zone, the Twilight Zone, the Midnight Zone, the Abyssal Zone and the Hadal Zone. The Sunlit zone makes up the upper layer of the water column and is the only ocean zone that receives direct sunlight which penetrates to a depth of about 200 meters (656 feet). Due to this, around 90 percent of all marine life lives within this zone and is where most of the oceans’ bountiful resources can be found.

The Sunlit Approach in RBAC follows this principle. Instead of drilling down deep and creating roles for every potential scenario across their environment, we suggest organizations instead look to create roles that will cover 80 to 90 percent of user access. This approach helps limit the scope of role creation to a level that keeps the project moving but still provides a large ROI.

Using the Sunlit Approach to make RBAC more manageable

In practice, this is a shift in the overall question proposed to individual application owners. Instead of asking “What are all the different job roles within your application?” security professionals should be asking “What access is most utilized within your application?” This approach makes RBAC much more manageable and synergizes nicely with new IGA solution technologies such as AI-based role creation which can easily produce insights to quickly develop roles that are directly in line with end-user needs.

This process can be further accelerated and enhanced through the use of specialized tools that work with a company’s current architecture. These tools can provide analysis on common access, detection of new access, nested access and more. Some promising tools we are seeing penetrate the market include Veza, SailPoint Access Modeling and Brainwave GRC.

Adopting the Sunlit Approach does not completely remove the need for role creation by IAM professionals. However, it will allow organizations to get most of the way there, and in the process will provide an instant return on investment for the organization and a simpler catalog that is user-friendly and solves a majority of access needs.

Read the other blogs in this series: Emerging Trends in IAM Part 1: Simplified Engineering – Technology Insights BlogEmerging Trends in IAM Part 3: Machine Identity Management and Emerging Trends in IAM Part 4: Going Passwordless with the FIDO Use Case.

Read the results of our new Global IT Executive Survey: The Innovation vs. Technical Debt Tug of War.

To learn more about our cybersecurity solutions, contact us.

 

 

Was this article helpful to you?

Thanks for your feedback!

Subscribe to The Protiviti View Blog

To face the future confidently, you need to be equipped with valuable insights that align with your interests and business goals.

In this Article

Find a similar article by topics

Authors

No noise.
Just insights.

Subscribe now

Related posts

Article

What is it about

This blog was originally posted on The Protiviti View. Like companies in other industries, energy and utilities (E&U) organizations want...

Article

What is it about

This blog was originally posted on Forbes.com. Kim Bozzella is a member of the Forbes Technology Council. Here’s a problem...

Article

What is it about

The HITRUST Alliance Common Security Framework (HITRUST CSF) is a cybersecurity framework that helps organizations manage risk and meet regulatory...