Security Is No Longer A Binary Decision
IT security has evolved from being a completely binary operation to taking a more nuanced approach. Back in the days when R, S, and A first got together, it was sufficient to do security on a pass/fail basis: a large part of security was deciding whether or not to let someone into your network. It could also mean allowing them to use a particular application or not, or allowing them access to a particular network resource (e.g., a printer or server) or not.
In my blog post earlier this month, I mentioned this nonbinary approach in passing, particularly when I talked about adaptive authentication. This is the core reason that the authentication “adapts” to particular conditions: for example, when someone attempts a second login under “impossible travel” conditions, or when you are trying to authenticate not just the user but their device as well.
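As an added illustration (not code from the original post or from any product), the sketch below combines the two conditions named above, impossible travel and device recognition, into a decision with three outcomes rather than pass/fail. The speed ceiling, the distance floor, the `Login` fields, the outcome names and the sample logins are all assumptions made for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0  # assumed ceiling, roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0    # assumed floor: IP geolocation is too coarse below this

@dataclass(frozen=True)
class Login:
    when: datetime
    lat: float
    lon: float
    device_id: str

def km_between(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(prev: Login, cur: Login) -> bool:
    """True when the speed implied by two consecutive logins is implausible."""
    dist = km_between(prev, cur)
    if dist < MIN_DISTANCE_KM:
        return False  # nearby points: geolocation noise, not travel
    hours = (cur.when - prev.when).total_seconds() / 3600
    return hours <= 0 or dist / hours > MAX_PLAUSIBLE_KMH

def decide(prev: Login | None, cur: Login, known_devices: set[str]) -> str:
    """Three outcomes instead of pass/fail: allow, step_up (extra factor), deny."""
    travel = prev is not None and impossible_travel(prev, cur)
    new_device = cur.device_id not in known_devices
    if travel and new_device:
        return "deny"      # both signals fire
    if travel or new_device:
        return "step_up"   # one signal fires: ask for a stronger proof
    return "allow"

# Constructed sample data: London at 09:00 UTC, then New York later the same day.
T0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
LONDON = Login(T0, 51.5074, -0.1278, "laptop-1")
NYC_KNOWN = Login(T0 + timedelta(hours=1), 40.7128, -74.0060, "laptop-1")
NYC_NEW = Login(T0 + timedelta(hours=1), 40.7128, -74.0060, "phone-9")
NYC_LATER = Login(T0 + timedelta(hours=8), 40.7128, -74.0060, "laptop-1")

if __name__ == "__main__":
    for cur in (NYC_KNOWN, NYC_NEW, NYC_LATER):
        print(cur.device_id, cur.when.isoformat(), decide(LONDON, cur, {"laptop-1"}))
```

The distance floor matters in practice: without it, two nearby geolocation results a minute apart imply an absurd speed and trigger false positives.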