All companies can relate to the amount of time and resources it takes to situate employees into new roles, onboard new hires, and especially go through the process of recertification. What tends to come out of recertification is the unfortunate entitlement or access creep that enables that extra access stemming from the habit of clicking yes to all seemingly relevant access selected. While these decisions are stuck in the moment they are decided and do not update until the next cycle, runtime authorization policy checks happen in the exact second access is requested. Removing the static manager decision process and allowing for just-in-time context attributes delivers the right access to the right resource at the right time. Decisions on privilege should be based on real-time policies and consistent data governance that speak more to our continuously evolving business landscape. David Brossard will cover the specifics of policy-based access control and explore whether recertification can be reframed as we move forward with these policies that are already key to the future of IAM & Cybersecurity.