The Importance of Edge Use Access (With Identity Automation)


What is the importance of edge use access?

According to Texas-based identity and access management solution provider Identity Automation, it’s one of the great identity challenges facing enterprises today. Edge use access refers to the exceptions to the normal permissions granted to employees and third parties. Without granting these edge use access cases, employees will be unable to fulfill special projects or complete new responsibilities.

Why is this such a challenge?

Edge Use Access: The Challenge

According to Identity Automation, there are two basic overriding permission structures:

Role-Based Access Controls (RBAC): In which access is determined by the roles/positions users have in your enterprise network and by the rules governing how access is assigned to different roles. A role can be applied to a single person or to a group of users with common affiliations.

Attribute-Based Access Controls (ABAC): In which access is controlled granularly, allowing for more input variables into access control decisions. Attributes can be used independently or in combination to define proper filters to resources and assets.      

Yet at the same time, Identity Automation points out, thinking of RBAC and ABAC as two separate entities may obfuscate the similarities between them. Both allow enterprises to quickly define filters or rules to determine access based on a user’s role or attributes (respectively), and both are ideal for setting broad strokes access policies. Furthermore, both can be used dynamically with each other for onboarding.

However, RBAC and ABAC are most common in limited or legacy IAM solutions, and therefore aren’t really equipped to handle edge use access cases. These edge use access cases are granted only under particular circumstances: for particular projects, time periods, or extraordinary or emergency situations. In RBAC and ABAC systems, this need will mandate manual monitoring and management, which may create a resource and personnel drain to handle it. Roles may not even be the best way to organize access, according to Identity Automation, especially given how enterprises scale in the modern marketplace and the requisite complexity of access demands.

Getting edge use access right extends beyond just business processes. It’s also a matter of cybersecurity.

The Dangers of Edge Use Access Failures

Improperly handled, granting special access or permissions to employees or users who don’t normally need these permissions increases the risks involved with those credentials. Generally, this means access creep, the gradual and unmonitored accumulation of credentials outside the purview of normal responsibilities, which makes those credentials severe liabilities. In the wrong hands, access creep credentials could prove devastating to your enterprise’s network, whether that be in the hands of an external threat actor or an insider threat.

Another potential issue Identity Automation identifies is role creep. Role creep is a symptom of limited or legacy IAM solutions in which roles are “stacked” on top of one another because the roles aren’t flexible enough to accommodate access granting or revoking. New roles are created to be used in conjunction with old ones to accommodate edge use access cases. This creates a far more challenging management and monitoring situation for your IT security team, and could possibly cause processing problems later on as your enterprise scales.

Role creep also makes deprovisioning far more challenging as administrators struggle to find all of the roles associated with a single device, potentially leaving backdoors into your network that could put you at serious risk.
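The sketch below is an added example, not code from the original article or from Identity Automation. It models edge use access as time-bound exception grants layered on a role baseline instead of stacked roles, so that expired exceptions lapse on their own, leftover permissions (access creep) can be audited, and deprovisioning is a single pass. All names, roles, permissions, and records (`Grant`, `ROLE_PERMS`, `PROVISIONED`, and so on) are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample data: role baselines are illustrative only.
ROLE_PERMS = {
    "accountant": {"ledger:read", "ledger:write"},
    "contractor": {"wiki:read"},
}

@dataclass(frozen=True)
class Grant:
    """A time-bound exception to a user's role baseline (an edge use case)."""
    user: str
    permission: str
    reason: str
    expires: datetime

def effective_permissions(user, roles, grants, now):
    """Role baseline plus only those exception grants that have not expired."""
    perms = set()
    for role in roles.get(user, ()):
        perms |= ROLE_PERMS.get(role, set())
    perms |= {g.permission for g in grants if g.user == user and g.expires > now}
    return perms

def access_creep(user, roles, grants, provisioned, now):
    """Permissions actually provisioned that nothing currently justifies."""
    return provisioned.get(user, set()) - effective_permissions(user, roles, grants, now)

def deprovision(user, roles, grants):
    """Offboarding: drop the user's roles and every exception grant in one pass."""
    roles.pop(user, None)
    return [g for g in grants if g.user != user]

NOW = datetime(2024, 1, 15, 9, 0)  # fixed clock so the example is reproducible
ROLES = {"alice": ["accountant"], "bob": ["contractor"]}
GRANTS = [
    Grant("alice", "payroll:read", "year-end audit", NOW + timedelta(days=7)),
    Grant("bob", "ledger:read", "migration project", NOW - timedelta(days=30)),
]
# What the target systems report each user can actually do (constructed).
PROVISIONED = {
    "alice": {"ledger:read", "ledger:write", "payroll:read"},
    "bob": {"wiki:read", "ledger:read"},
}

if __name__ == "__main__":
    for u in sorted(PROVISIONED):
        print(u, sorted(access_creep(u, ROLES, GRANTS, PROVISIONED, NOW)))
```

In this constructed data, alice's exception is still active and produces no finding, while bob's project grant expired 30 days earlier yet the permission is still provisioned, which is the access creep the audit reports.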

If your enterprise is interested in learning more about edge use access and better management of such, check out the free “Just in Time Access” e-book from Identity Automation, available here.


Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.