Why Role-based SoD modeling has proven to be a train wreck in every Identity Governance Project. So what can be done?
Why do organizations continue to struggle with entitlement risk modeling? It boils down to risk being aligned to roles and role-based access. The irony is that roles were never intended to be risk models. They were once low-hanging fruit, a logical way to provide an early means of grouping users to entitlements and later associating risk to such groupings.