In this episode of Webmethod Unplugged, we sit down with John Thornton, a leading expert in Identity & Access Management (IAM) and the creator of Role Model Analysis. With over a decade of experience and two dozen access consolidation projects under his belt, John breaks down why so many Role-Based Access Control (RBAC) initiatives fail—and what you can do to turn yours around.

Drawing on real-world lessons from healthcare, finance, retail, and manufacturing, we explore how companies waste six- and seven-figure budgets on RBAC programs that produce roles but deliver no real business value. John explains why “one-size-fits-all” role models don’t work, how to avoid role explosion, and when to use RBAC, ABAC, PBAC, or Fine-Grained Access (FGA).

This is a practical, non-hype conversation about access consolidation that focuses on measurable outcomes: reducing IAM operational costs, speeding up employee onboarding, and eliminating access review fatigue—without sacrificing security or compliance.

Topics covered in this episode include:

• The real cost drivers behind failed RBAC projects
• Why data—not dogma—should guide your access model
• How to choose between RBAC, ABAC, PBAC, and FGA
• The role of collaboration between IAM teams and business leaders
• Real-world success stories: from traveling nurses to global banks
• How to identify whether your organization needs access consolidation
• A simple rule to prevent role explosion and ensure ROI

This episode is essential for IAM leaders, IT directors, security architects, compliance officers, and anyone responsible for identity governance, access management, or cybersecurity budgets.

🎙️ Webmethod Unplugged is a podcast focused on identity security, enterprise technology, and practical strategies for IT leaders.