To advance security for the cloud era, it is imperative to refactor access to more than a simple yes/no and who/what is banned from the network. These effective access decisions must be made using the 5 W’s of access: Who, what, when, where and why. Or, in other words: Identities + Devices + Situations + Locations + Usage Cases. Systems, networks, applications and services must integrate the expression of user, device, session and data control attributes to effect the proper access decisions. Using who, what, when, where and why for access allows more control over complex data relationships.