Birthright access is an anti-pattern for secure, least privilege access control.

Modern security teams are automating traditional compliance controls to reduce the risk posture for an organization – what we're calling security-led governance.

As one of the core tenants of zero trust, least privilege access is probably the least understood and the hardest to reach today. At the highest level, think of least privilege access as providing people – or identities more generally – the access they need to do a job, and for no longer than they need it.

IT, Security, and GRC teams have long held a love-hate relationship with directory groups. Groups enabled companies to scale permissions for a time, but the proliferation of directory groups is now causing major headaches for security.