Founded in 2005, SailPoint Technologies is a recognized market leader in Identity Management with over 125 customers worldwide. With its unified solution for compliance and provisioning, IdentityIQ, SailPoint automates user administration processes such as self-service access request, password management and lifecycle event management, and helps organizations mitigate risk and meet regulatory requirements by automating access certifications, role-based access control, and SOD policy enforcement. SailPoint’s Global 1000 customers realize the following benefits:
- Reduced user administration processing time and staffing requirements
- Improved responsiveness to changing business demands
- Lower compliance costs, cycle times and staffing needs
- Faster remediations of areas of potential risk and exposure
In the following interview, Darran Rolls, Chief Technology Officer at SailPoint Technologies, discusses one-on-one with Info Security PG, Editor-in-Chief of Info Security Products Guide, how identity management has evolved over the years and what cloud-based identity management is.
Info Security PG: How has identity management evolved over the years? Why are security breaches still happening?
Darran Rolls: Over the past ten years, identity management projects have been plagued by high complexity and costs, which have constrained the scope of deployments and limited business results. First-generation identity management solutions were highly technical and difficult for business users to adopt, and the amount of customization needed to deploy these solutions added to the cost and complexity issues. In contrast, SailPoint IdentityIQ specializes in fast deployments across all critical applications and systems (many clients manage 100-1000’s of resources), providing centralized visibility into “who has access to what?” IdentityIQ also provides a business-centric approach to identity management. It provides simple, intuitive user interfaces designed for business users, allowing them to more easily review and approve access rights, request access, define policy, and audit and report on identity issues across cloud and datacenter environments.
The continued incidence of security breaches stems directly from the lack of visibility that most enterprises have over identity data and processes, and the lack of automated policy enforcement. These factors lead to a variety of control weaknesses, such as weak passwords, failure to de-provision terminated employees (“orphan accounts”), separation-of-duty conflicts that can enable fraud, and over-privileged users. The $7 billion trading fraud that occurred at Societe Generale in 2008 illustrates a perfect storm of these factors.
Info Security PG: How is cloud-based identity management different from the classic solutions offered by many existing vendors?
Darran Rolls: In general, cloud-based identity management solutions provide the same functionality as classic identity management solutions, but instead of being installed on-premise in the datacenter, these solutions are delivered as a service from the cloud. The most important factors to consider when deploying cloud-based identity management solutions are: 1) connectivity to managed resources in the datacenter and 2) secure communications between the cloud and the enterprise datacenter.
Using cloud-based identity management is easier for small companies who have fewer applications and systems to manage, because this minimizes the cost and complexity of integration. For larger organizations (with 100’s-1000’s of resources), cloud-based identity management can present greater challenges. Many organizations consider identity data to be confidential data, so the right security measures must be in place to ensure secure communications.
SailPoint’s Identity Cloud Bridge addresses these challenges with three capabilities that help organizations to integrate cloud-based identity management with corporate resources:
- Remote connectivity between the cloud and the datacenter: The SailPoint Identity Cloud Bridge aggregates data and transactions from the datacenter and transmits them to/from IdentityIQ running in the cloud.
- Secure communication link: The Identity Cloud Bridge provides a secure encrypted tunnel between IdentityIQ in the cloud and datacenter resources.
- Store and forward technology: The Identity Cloud Bridge enables the reliable delivery of all data and access changes between IdentityIQ and datacenter applications.
Info Security PG: What are the incentives for enterprises to migrate to a cloud-based security solution if they have already invested heavily in classic products and services to stay secured?
Darran Rolls: Cloud-based identity management offers a lot of promise for global organizations. It can provide them with pay-as-you-go options that reduce capital expense and the ability to scale the solution on demand as the environment grows. In addition, organizations with budget constraints or those that lack technical staff to manage and maintain identity management solutions like the option of outsourcing this work to a service provider.
Enterprises with mature identity management deployments, however, may be challenged to migrate to the cloud in order to take advantage of the benefits offered by cloud-based identity management solutions. The move may require implementing new connectors to managed resources, rewriting custom workflow for provisioning processes, etc. For these clients, the right approach is to look for a hybrid solution that leverages their existing investment in on-premise identity management technology, while making use of new features and capabilities from a cloud-based solution.
Company: SailPoint Technologies
6034 West Courtyard Drive, Suite 309,
Austin, Texas 78759 U.S.A.
Founded in: 2005
CEO: Mark McClain
Products and Services: Identity Management Solution – SailPoint IdentityIQ
Company's Goals: SailPoint’s mission is to address the needs of today’s complex enterprise business and IT environments from the perspective of the business in order to mitigate risk, reduce IT costs, and ensure compliance.