How are businesses approaching this issue?
- Norman Elliott
- Sep 22, 2023
Granular Role Definition: Define security roles with precision, mapping them to specific job functions and responsibilities. Avoid generic roles and adhere to the principle of least privilege, granting only the necessary access to perform tasks.
Regular Review and Updates: Establish a schedule for periodic reviews of security roles. Update roles to reflect changes in organizational structure, processes, and personnel. This ensures alignment with evolving business needs.
Thorough Testing and Validation: Rigorously test security roles across different scenarios and user profiles. Verify that roles provide expected access and restrictions. Address any discrepancies or vulnerabilities identified during testing.
Collaboration and Communication: Foster collaboration between IT, security teams, and business units. Maintain open channels of communication to ensure that security roles remain aligned with business processes and changes.
Documentation and Training: Maintain comprehensive documentation of security roles, detailing their purpose, privileges, and associated responsibilities. Provide user training to ensure employees understand their roles and responsibilities in upholding security.



