What is Role-based Access Security?

What is role-based access security?

Role-based access security provides a user or device on the network with the least amount of access to corporate resources to do its job, according to its defined role.

Role-based access security is key to adopting Zero Trust network access. Zero Trust is a security model in which no device, user, or network segment is inherently trustworthy and thus should be treated as a potential threat.

Why adopt role-based access security?

New business models, such as hybrid work, are driving the need for efficiency. At the same time, the proliferation of IoT (or unintelligent) devices in the enterprise network is increasing the attack surface. To address the security requirements of decentralized, IoT-driven networks, IT teams need solutions that enable more visibility, control, and enforcement than legacy approaches, such as perimeter-based security, typically offer.

Role-based policies simplify the adoption of Zero Trust and SASE security frameworks. Policy definitions can be carried across both wired and wireless networks irrespective of geographic location or point of connectivity to the network. Appropriate policies can follow users and devices consistently as they travel throughout the enterprise, from campus to branch to home office.

How does role-based access security work?

Role-based access security starts with roles. A role is a logical grouping of clients with common permissions that include application access rights and inter-user or device communication. Roles are built on the Zero Trust Enforcement Model, where users and devices are denied access to other devices and applications by default unless explicitly given permissions. Role-based policies enable businesses to translate security intent to network designs, abstracting the underlying complexities of the network. Those policies are then enforced throughout the network, by either allowing or blocking access.

What are role-based policies?

Role-based policies are a newer way to define security policies. Traditionally, location-/network-specific constructs such as IP addresses or subnets defined security policies, but this can lead to complexity and inflexibility in the network due to the lack of client mobility brought about by these segmentation requirements. IT teams also miss the opportunity for automation as they have to pre-provision the network based on these VLANs and subnet constructs.

Role-based policies allow access policy to be abstracted from the underlying network infrastructure by assigning identity-based roles to endpoints and users. These identities are derived either by authentication via identity stores such as Active Directory, or by profiling how these endpoints behave with Client Insights.
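To make the two sections above concrete, here is a small policy engine written for this page (it is example code, not any vendor's implementation). It models the Zero Trust enforcement model described above: permissions are expressed between roles and applications, and anything not explicitly permitted is denied. A legacy subnet-keyed policy is included for contrast. All endpoint names, addresses, roles and allow rules are constructed sample data, and the addresses come from the RFC 5737 documentation ranges.

```python
"""Role-based access policy with default deny, beside a legacy subnet-based
policy for comparison. Example code written for this page; all data is
constructed."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Endpoint:
    name: str
    ip: str
    role: str  # identity-derived role (e.g. from directory auth or device profiling)


@dataclass
class RolePolicy:
    """Allow rules keyed on (source role, destination role or application).
    Because the key is the role, not the address, the decision follows the
    endpoint when it moves from campus to branch to home office."""
    allow: set[tuple[str, str]] = field(default_factory=set)

    def permit(self, src_role: str, dst: str) -> None:
        self.allow.add((src_role, dst))

    def is_allowed(self, src: Endpoint, dst: Endpoint | str) -> bool:
        """Zero Trust enforcement: deny unless explicitly permitted."""
        dst_key = dst.role if isinstance(dst, Endpoint) else dst
        return (src.role, dst_key) in self.allow


class SubnetPolicy:
    """Legacy style: allow rules keyed on the source subnet (for contrast)."""

    def __init__(self) -> None:
        self.allow: list[tuple[ipaddress.IPv4Network, str]] = []

    def permit(self, cidr: str, dst: str) -> None:
        self.allow.append((ipaddress.ip_network(cidr), dst))

    def is_allowed(self, src: Endpoint, dst: str) -> bool:
        addr = ipaddress.ip_address(src.ip)
        return any(addr in net and app == dst for net, app in self.allow)


# Constructed sample endpoints: a laptop on campus, the same laptop at home
# (new address, same identity), and an IoT camera sharing the campus subnet.
CAMPUS_LAPTOP = Endpoint("alice-laptop", "192.0.2.10", "employee")
HOME_LAPTOP = Endpoint("alice-laptop", "198.51.100.7", "employee")
LOBBY_CAMERA = Endpoint("lobby-camera", "192.0.2.50", "iot-camera")


def build_role_policy() -> RolePolicy:
    """Constructed rules: employees reach the intranet app and printers;
    cameras reach only the video recorder. Nothing else is permitted."""
    policy = RolePolicy()
    policy.permit("employee", "intranet-app")
    policy.permit("employee", "printer")
    policy.permit("iot-camera", "video-recorder")
    return policy


def build_subnet_policy() -> SubnetPolicy:
    """Constructed legacy rule: the campus subnet may reach the intranet app."""
    policy = SubnetPolicy()
    policy.permit("192.0.2.0/24", "intranet-app")
    return policy


def evaluate(policy: RolePolicy | SubnetPolicy, src: Endpoint,
             destinations: list[str]) -> dict[str, bool]:
    """Return the allow/deny decision for each named application."""
    return {dst: policy.is_allowed(src, dst) for dst in destinations}


if __name__ == "__main__":
    apps = ["intranet-app", "printer", "video-recorder"]
    role_policy = build_role_policy()
    subnet_policy = build_subnet_policy()
    for endpoint in (CAMPUS_LAPTOP, HOME_LAPTOP, LOBBY_CAMERA):
        print(endpoint.name, endpoint.ip, "role:", evaluate(role_policy, endpoint, apps))
        print(endpoint.name, endpoint.ip, "subnet:", evaluate(subnet_policy, endpoint, ["intranet-app"]))
    # Lateral movement between roles is denied because no rule permits it.
    print("camera -> laptop:", role_policy.is_allowed(LOBBY_CAMERA, CAMPUS_LAPTOP))
```

Running the script shows the difference the text describes: under the role policy the laptop keeps its intranet access at home and the camera is confined to the video recorder, while the subnet policy grants the camera intranet access simply because it shares the campus subnet and drops the laptop's access once its address changes.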

Is role-based access security the same as micro-segmentation?

Micro-segmentation refers to limiting network access according to Zero Trust security principles. Micro-segmentation is similar to role-based access security in that entities are untrusted by default and least access is granted according to an entity’s function. However, micro-segmentation commonly relates to limiting network access for workloads in a data center. Role-based access security — which relates to users and devices frequently found in campuses and branches — complements micro-segmentation in non-data center enterprise networks.

What are the benefits of role-based access security?

Role-based access security offers several advantages over manual, VLAN-based methods of limiting access to resources, including:

  • Simplified network design and operations, as role-based policies are abstracted from underlying network infrastructure
  • More consistent protection, as role-based policies are enforced the same way throughout the network, without manual configuration requirements
  • Easier network and security operations as the network no longer needs to be segmented using traditional network constructs such as VLANs
  • Faster user and device onboarding because IT administrators don’t have to pre-provision the network
  • Enhanced agility while supporting the dynamic requirements of the business, as roles and policies can be defined and modified according to desired business outcome
