2019 SailPoint Identity Insider Magazine - Magazine - Page 41
DAVID LEE
Sr. Identity Strategist,
SailPoint
The Death of Roles
Google “RBAC is dead,” and you
will see hundreds of hits with blog
posts, marketing material, and snarky
comments about the death of
Role-Based Access Control. Much like the
password, it turns out roles are pretty
tough to kill. Like the cockroach of
the identity world, something tells me
roles will be here long after we are gone.

However, we are entering an age that we’ve never
seen: the age of machine learning. And not the
hype-filled, marketing message machine learning,
I’m talking about the data crunching, pattern
recognizing, predictive model machine learning.
We’ve been empowered by data science to be
able to analyze large amounts of data in ways we
could have only dreamed about just ten years ago.
We can study relationships and peer groups to
determine access patterns and make intelligent
decisions around who should and shouldn’t have
access.

However, we don’t just stop there; we can qualify
the decision of access with things such as
location, time of day, device integrity and then
dynamically adjust access based on the available
data points. So instead of a simple “Does the user
have X” check, we can now ask deep probing
questions and respond in time. “Should Teresa
have access to this Box file at 1:25 pm on Saturday
in Starbucks from her laptop?” Now that’s a
different kind of question, and we can ask it.

The onset of machine learning revolutionizes the
world of identity. We’ll be able to have more
in-depth authentication workflows that
respond to the dynamic way in which
we work. We’ll be able to govern more
efficiently by presenting outliers of
peer group analysis for inspection and
certification. We’ll automate access requests
by comparing a user to their peer group
and approving access that is consistent
with not only a user’s peers but the activity of
those peers.

All of this means our dear friend “Mr. Role” will
no longer be a central part of determining access
control. Will he fade away into non-existence? No,
too many applications depend on it for internal
authorization. However, it will no longer be central
to determining a user’s access, and will no longer
need the rigorous administration. No more
six-month-long projects to determine what users have
access to and how that access equates to roles.
Gone are the days of certifying roles to make sure
that the access granted still makes sense. We’ll
replace that with peer group analysis and certify
users that are outliers. We can trust that the users
are assigned not only the appropriate access but
access that they are using. Roles are now one
point in a collection of data that is analyzed and
used to determine a user’s access.
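
The peer group analysis described above, as an added example that is not part of the original article or of any SailPoint product: it flags entitlements that few peers share for certification, and auto-approves a request only when most peers both hold and use that access. Grouping peers by department, the 0.25 and 0.6 thresholds, and all sample users and entitlement names are assumptions constructed for illustration.

```python
# Constructed sample data (assumption): user -> (peer group, entitlements held, entitlements used recently)
USERS = {
    "teresa": ("finance", {"box:fin-reports", "erp:ap-clerk"}, {"box:fin-reports", "erp:ap-clerk"}),
    "amir":   ("finance", {"box:fin-reports", "erp:ap-clerk"}, {"box:fin-reports", "erp:ap-clerk"}),
    "li":     ("finance", {"box:fin-reports", "erp:ap-clerk", "db:prod-admin"},
               {"box:fin-reports", "erp:ap-clerk"}),
    "sven":   ("finance", {"box:fin-reports"}, {"box:fin-reports"}),
    "dana":   ("engineering", {"db:prod-admin", "git:write"}, {"db:prod-admin", "git:write"}),
    "omar":   ("engineering", {"db:prod-admin", "git:write"}, {"git:write"}),
}

def peers_of(users, name):
    """Everyone else in the same peer group (here: same department)."""
    group = users[name][0]
    return [u for u, (g, _, _) in users.items() if g == group and u != name]

def prevalence(users, name, entitlement, active_only=False):
    """Fraction of the user's peers who hold (or, if active_only, actually use) the entitlement."""
    peers = peers_of(users, name)
    if not peers:
        return 0.0  # no peer group, so nothing to compare against
    idx = 2 if active_only else 1
    return sum(entitlement in users[p][idx] for p in peers) / len(peers)

def outliers(users, max_prevalence=0.25):
    """Held entitlements that few peers share; these go to a reviewer for certification."""
    found = []
    for name, (_, held, _) in users.items():
        if not peers_of(users, name):
            continue  # a one-person group has no baseline
        for ent in held:
            p = prevalence(users, name, ent)
            if p <= max_prevalence:
                found.append((name, ent, round(p, 2)))
    return sorted(found)

def decide_request(users, name, entitlement, min_active=0.6):
    """Auto-approve only when most peers hold AND use the access; otherwise send to review."""
    p = prevalence(users, name, entitlement, active_only=True)
    return "auto-approve" if p >= min_active else "manual-review"

if __name__ == "__main__":
    print(outliers(USERS))
    print(decide_request(USERS, "sven", "erp:ap-clerk"))
    print(decide_request(USERS, "teresa", "db:prod-admin"))
```

Counting only access that peers actually use keeps an unused, over-granted entitlement (li's db:prod-admin here) from becoming the baseline that justifies granting it to others.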
It’s been a great run for roles, and they’ve served
their purpose well. Strike up the band, light the
fireworks and let’s wish them well on their journey
to insignificance and rejoice as we bring in the
reign of machine learning.