All data should include content about what rights users have over it. Static user directories only advise on permissions, not on suspicious behavior. Use analytics platforms to track patterns of past hacking attempts. Track user identities across systems to prevent threats. Attributes like device location and recent history reduce the work of access recertification.