The dangers of role-based access control (RBAC)

Balaji Parimi, founder and CEO of CloudKnox Security, discusses the current problems with role-based access control and how access control is evolving to become more secure.

In the podcast, Parimi and host Chris Sienko discuss:

– When did you first get interested in computers and security? (1:16)
– What does CloudKnox offer its clients and what is its role in the cybersecurity landscape? (2:13)
– What is role-based access control? How does it work, and how is it meant to be used to protect your network? (8:02)
– What are the upsides of using RBAC? If done well, can RBAC still be an effective method of controlling access? (9:20)
– How do we start pulling back from the default setting of giving all employees all the privileges as a matter of convenience, and start customizing privileges according to the needs of the position? (11:10)
– What are some of the issues involving high-risk privileges? (12:05)
– What is the role of non-human identities? Do things like service accounts that connect to modular coding components, microservices, software containers and APIs feed into this issue? (14:46)
– What is the actual time and resource commitment that a company would need to undertake to reform its privilege levels? (16:20)
– Does there need to be outreach to organizations to let them know that over-privileging users is a problem? (18:07)
– If these issues of over-provisioning aren’t solved, what’s a safer alternative? Is there one on the horizon? (21:30)
– Under a new, safer system, would privileges be requested and gained in the moment as the task requires them? (22:11)
– What types of hands-on experience, education and certs would you recommend for people looking to work in access...

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Hunter Reed. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/RECTB7U4yQ8/