§ 13 · Roadmap
From Proof of Concept to Prototype

The PoC works. Connect it to real systems.

Six phases ahead. Each phase ships in weeks, not quarters.

Phase · 01

Live Connectors

AD, HR systems, cloud apps. Decisions on real data, not simulations.

Validate fabric

Phase · 02

Automation

Event-driven triggers. Auto-review on role change, auto-revoke on departure.

Close the gap

Phase · 03

AI insights

SailPoint AI recommends access changes; agentic AI discovers role patterns.

Proactive cleanup

Phase · 04

Step-up auth

Second factor for high-risk actions. Extra protection where it matters.

Risk-based

Phase · 05

Cloud deployment

Google Cloud Run. Accessible to all four offices from a browser.

Scale

Phase · 06

Dashboards & Visualizations

Live risk heatmaps, SoD monitoring, and interactive drill-downs — connected to real data and accessible from any office without technical skills.

Executive visibility

Phase 6 · Agentic AI

Turn Zero Trust into a Zero Trust colleague.

Four concrete use cases already specified:

  1. Natural-language access requests — "I need temporary FX London access for this week" → agent initiates the SailPoint governance workflow
  2. Cognitive audit log — every PDP decision gets a paragraph of plain-language reasoning, not just PERMIT/DENY
  3. Smart recommender — when the cluster analyzer flags an outlier, an agent generates the human-readable justification automatically
  4. Anomaly hunter — agents look for behavioral patterns that resemble ombudsman activity without accessing the registry

Key guarantee: The agent layer is additive. It cannot grant access on its own — the PEP/PIP/PDP path is still the only authority for any decision.
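One way to make that guarantee structural rather than procedural, as an added example that is not part of the PoC: the PEP grants only on a PERMIT carrying a tag issued by the PDP, so an agent-authored decision is rejected. All names, the HMAC scheme, the sample PIP data and the direct PDP call (standing in for the SailPoint workflow) are assumptions.

```python
import hashlib
import hmac
import json
import re
from dataclasses import dataclass

# Assumption: in a deployment this key exists only in the PDP and PEP processes.
PDP_KEY = b"constructed-demo-key"
# Constructed PIP data: entitlements each subject is eligible to request.
PIP_ELIGIBLE = {"alice": {"fx-london"}}

@dataclass(frozen=True)
class Decision:
    subject: str
    resource: str
    effect: str      # "PERMIT" or "DENY"
    tag: str = ""    # HMAC issued by the PDP; the agent layer cannot mint one

def _mac(subject, resource, effect):
    msg = json.dumps([subject, resource, effect]).encode()  # unambiguous encoding
    return hmac.new(PDP_KEY, msg, hashlib.sha256).hexdigest()

def pdp_decide(subject, resource):
    """Sole decision authority: consults the PIP and signs the outcome."""
    effect = "PERMIT" if resource in PIP_ELIGIBLE.get(subject, set()) else "DENY"
    return Decision(subject, resource, effect, _mac(subject, resource, effect))

def pep_enforce(d):
    """Grants only on a PERMIT whose tag verifies against the PDP key."""
    expected = _mac(d.subject, d.resource, d.effect)
    return d.effect == "PERMIT" and hmac.compare_digest(expected.encode(), d.tag.encode())

def agent_handle(subject, text):
    """Agent layer: parses free text into a request, then defers to the PDP."""
    m = re.search(r"temporary (\w+) (\w+) access", text, re.I)
    if not m:
        return None, "could not parse request"
    resource = f"{m.group(1)}-{m.group(2)}".lower()
    decision = pdp_decide(subject, resource)
    note = f"{subject} asked for {resource}; PDP returned {decision.effect}."
    return decision, note  # the note is audit text only, never an input to the PEP
```

The agent's plain-language note travels beside the decision for the audit log; changing the effect or omitting the tag makes `pep_enforce` return `False`.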
