Identity Gets Smart

SailPoint CEO Interviewed for StartUp City

Mark McClain, CEO & Founder opens up to InformationWeek about identity governance. Watch the video »

Identity Governance Buyer's Guide - 2nd Edition

Identity Governance Buyer's GuideContains tools to help you identify your priorities, conduct side-by-side product analysis and find a solution that suits your needs. Download the Guide »

Streamline Compliance

Streamline ComplianceLearn how SailPoint makes compliance more effective and sustainable.

Download the Compliance Manager data sheet »

Deliver Convenient Access

Access Request Manager Data SheetLearn how SailPoint keeps pace with access change.

Download the Lifecycle Manager data sheet »

Get the Big Picture

Get the Big PictureSee exactly how SailPoint IdentityIQ works.

Download the SailPoint IdentityIQ brochure »

Align Access with Business

Align Access with BusinessLearn how SailPoint strengthens identity governance.

Download the Role Manager data sheet »

Apply Best Practices

Apply Best PracticesLearn how to plan ahead for successful role management.

Download the White Paper: Practical Role Management »

Manage Identity Data

Manage Identity DataLearn how to improve visibility and transparency.

Download the Identity Intelligence data sheet »

Manage Compliance

Manage ComplianceLearn how Identity Governance helps meet compliance requirements.

Download the white paper »

Succeed with SailPoint

Don't take our word for it, see what others are saying.

Stay Connected

Subscribe to our quarterly newsletter.

Subscribe »


Get the latest news and views with SailPoint's podcast series, "The Identity Intelligence Insider"

Listen »  |  Subscribe »

Media Contacts

Kari Hanson
pr@sailpoint.com
phone: 978-373-4003


Michelle Dillon
Beaupre & Co. Public Relations
mdillon@beaupre.com
phone: 603-559-5835

Choose Wisely

SailPoint's innovative approach is getting noticed. Don't take our word for it, see what others are saying.

Subscribe

SailPoint's Identity Intelligence Insider is a monthly podcast series on hot topics in identity risk management.

Listen »

CONTACT US

Hours
8:00AM - 6:00PM CST
Monday through Friday excluding holidays

Email
support@sailpoint.com

Phone
(888) 4SAILPT
(888) 472-4578

Schedule a Demo

Schedule a DemoSee IdentityIQ in action, request a one-on-one demo today.

"By using roles to request, approve and certify user access privileges, BNSF will be able to simplify its user administration and compliance processes. SailPoint IdentityIQ will allow us to enforce and verify role-based access across our critical enterprise applications using a streamlined, automated approach."

Bart Boudreaux, Director, Technology Services, BNSF Railway

"SailPoint helps us define the connection between user access, financial control and intellectual property protection. Their risk-aware approach focuses on the relative risks associated with user access within our business."

Russ Finney, Vice President of U.S. Information Systems operations for Tokyo Electron, U.S. Holdings

"Businesses that are concerned with compliance mandates and ensuring the security and integrity of their IT systems cannot afford 12 to 18 month deployments. With IdentityIQ, organizations can gain immediate payback from automating key governance processes to better address business risk."

Kevin Cunningham, Co-Founder and President, SailPoint

"As a publicly-traded company and financial services provider, we are subject to a variety of regulations including FISMA, SOX, PCI, and SAS 70. To meet these requirements, we are standardizing and automating our compliance processes for identity management, so that we can centrally control who gets access to sensitive resources and maintain compliance as the organization changes over time. This centralized and automated approach allows us to proactively address risk and more efficiently maintain a compliant, secure environment."

Jerry Archer, Chief Security Officer, Sallie Mae
Bookmark and Share

Headlines & Editorials

The latest news coverage on identity governance trends and technologies.

Data Breaches in U.S. Cost More
The average cost to an organization of a data breach in the United States is higher than in four other countries where data-breach costs were compared, specifically Australia, France, Germany and the United Kingdom, according to a recent Ponemon Institute report.
Network World  |  April 28, 2010

Identity and Access Management Tops IT Agenda for 2010
Identity and access management (IAM) is high on the to-do list this year for nearly two thirds of companies in the UK, France and Germany, according to a recent poll of IT security decision-makers by Forrester Research. Nearly 60 per cent cited improved security as the primary driver for adopting IAM, with the remaining two fifths roughly evenly split between improved service delivery, regulatory compliance, cost reductions, and governance.
Computing UK  |  May 17, 2010

Security Mergers and Acquisitions Strategy: Questions You Need to Ask
Every security industry merger and acquisition announcement leaves a lot of midmarket companies wondering, "What does this mean to my business?" To help you ultimately decide whether to stick with an acquiring company or look elsewhere, it's important to understand the motives behind the acquisition strategy, review the product road map and evaluate the quality of service and support. This SearchSecurity.com article reviews some essential security mergers-and-acquisitions questions.
SearchSecurity.com  |  March 29, 2010

Losing Sleep Over Three Data Breaches in a Year
Never mind three strikes and you're out. How about three strikes and I've got to ask myself if I even want to be in one of your hotels in the first place. The question arises after a third reported incident in 12 months involving the Wyndham Hotels chain. Granted, even the most security-conscious of companies can be victimized by hackers, but when you've had to cop to a third data breach in less than a year you'll have to forgive prospective customers for looking elsewhere for shelter. Or to pay in cash.
Computerworld  |  March 4, 2010

Poor Governance at the Heart of Poor Data Security, Says ICO
Information security, particularly in central government, is undoubtedly improving, but several common problems remain, says the Information Commissioner's Office (ICO). A lack of awareness of information security is chief among them, deputy information commissioner David Smith told the first annual Human Factors in Information Security Conference in London. Failure to put existing security policies into effect is another common failing, said Smith, showing that people remain one of the biggest challenges to getting information security right.
ComputerWeekly.com  |  February 23, 2010

How Identity Governance Solves the Compliance Challenges Left by Provisioning Technology
The identity management landscape is changing. The need for stronger auditing controls is giving rise to identity governance tools that are supplanting ID provisioning solutions as the centralized management layer for identity.
Network World  |  February 11, 2010

PCI Compliance: What It Is and Why It Matters (Q&A)
If you own a bank account or use credit cards, chances are you've heard the term "PCI compliant." But you probably don't know what it means. The term is heard more and more frequently these days as data breaches at merchants like TJX, parent of TJMaxx, and payment processors Heartland Payment Systems and RBS WorldPay land millions of card records in the hands of hackers. CNET asked Bob Russo, general manager of the PCI Security Standards Council, to explain what is being done to keep criminals from accessing consumer payment card data.
CNET  |  February 8, 2010

Gaining Some Access Control Maturity
There's a general lack of maturity these days in most companies when it comes to managing data. The lack of a set of formal data governance policies is usually at the heart of most security breaches, which inevitably leads to business executives looking for an IT scapegoat. But while IT people are responsible for managing the systems that hold the data, it's up to the business to put real polices in place to govern data. To that end, Kelly Bissell, a principal with the IT consulting firm Deloitte & Touche, says companies need to evaluate their data governance processes along an access control maturity model.
ITBusinessEdge  |  February 2, 2010

The Intersection of Business Intelligence and Identity Management: Identity Governance
The emergence of identity governance allows organizations to transform technical identity data from across the enterprise into business-friendly information that can be used to drive governance and compliance initiatives. This centralized visibility gives executive and business users the "intelligence" they need to define and enforce business policy, audit and report on the effectiveness of internal controls, and more effectively manage risk.
ITBusinessEdge  |  January 27, 2010

Data Breach Costs Top $200 Per Customer Record
The cost of a data breach increased last year to $204 per compromised customer record, according to the Ponemon Institute's annual study. The average total cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009. Ponemon Institute based its estimates on data from 45 companies that publicly acknowledged a breach of sensitive customer data last year and were willing to discuss it.
Network World  |  January 25, 2010

Half a Million Pound Penalty Introduced for Personal Data Security Breaches by ICO
A £500,000 penalty has been introduced by the Information Commissioner's Office (ICO) for personal data security breaches. As revealed by SC Magazine last year, there are plans to increase the punishing powers of the ICO and an announcement revealed that it will be able to order organisations to pay up to £500,000 as a penalty for serious breaches of the Data Protection Act.
SC Magazine  |  January 13, 2010

Heartland Breach Shows Why Compliance is Not Enough
Nearly a year after Heartland Payment Systems Inc. disclosed what turned out to be the biggest breach involving payment card data, the incident remains a potent example of how compliance with industry standards is no guarantee of security.
Computerworld  |  January 6, 2010

"Layoffs Prompt Insider Threat Fears, Cybersecurity Survey Finds"
Results from a new survey suggest IT professionals must be constantly vigilant in watching for employee reprisals against company systems, thanks to the uncertain economy and, in some cases, multiple rounds of layoffs.
SearchSecurity.com  |  Nov 11, 2009

"Federal Data-protection Law Inches Forward"
A sweeping new bill that would implement a national standard for data protection and breach notification got a boost of support today from the Senate Judiciary Committee. The committee approved the Personal Data Privacy and Security Act of 2009 (S.1490) by a vote of 15-5. The bill is now headed to the full Senate for consideration. If it becomes law, the bill, which was introduced by Sen. Patrick Leahy (D-Vt.), would require companies and government agencies to follow specific rules for protecting sensitive and personally identifiable data.
Computerworld  |  Nov 5, 2009

"Why CIOs Need to Get Real About Identity and Access Management in 2010"
Economic, demographic and technology forces are not only reshaping how businesses must deal with identity and access management but also ushering in a new crop of identity service providers, according to Bob Blakley, director of research of the privacy and security group at Midvale, Utah-based Burton Group Inc. Indeed, Burton predicts 2009 and 2010 will prove to be "watershed years" in the identity and privacy market, as companies look beyond traditional IAM software to a network of service providers that can address their changing needs.
TechTarget  |  Oct 15, 2009

"Survey: Most Organizations Struggling to Secure Data"
Hampered with issues such as lack of CEO support and budgetary resources, organizations are struggling to secure sensitive data and the majority have experienced a breach, according to a survey released Wednesday by the Ponemon Institute. The survey of 517 U.S. and multinational IT security practitioners who are involved in their company's efforts to comply with the Payment Card Industry (PCI) Data Security Standard (DSS), found that 71 percent of respondents believe their organization does not view data security as a strategic initiative across the enterprise.
SC Magazine  |  Sept 23, 2009

"Centralizing Governance, Risk Management and Compliance"
It seems like an inordinate amount of time is spent assessing potential risks these days rather than working on things that add actual value to the business. One of the reasons for this is that a lot of companies have not adopted a centralized approach to managing governance, risk management and compliance (GRC). Instead, they take on each individual GRC task separately, even though that task may be redundant because it was already dealt with when the organization complied with some previous requirement.
ITBusinessEdge  |  Sept 22, 2009

"Biggest Breaches of 2009"
There have been 356 data breaches so far in 2009, according to the Identity Theft Resource Center (ITRC). And 46 of those breaches have involved financial institutions - up from 34 at this same time last year.
BankInfoSecurity  |  Aug 28, 2009

"External Attacks Start With Unintentional Mistakes, Survey Finds"
The four walls around a company's data servers are continuing to erode as end users are finding it increasingly easier to use Web-based tools and bring their work home and on the road. The latest survey finds that companies are more concerned than ever about unintentional employee errors that can lead to data leakage. The IDC survey, which is of 400 high-level managers in the United States, the United Kingdom, France and Germany, was sponsored by EMC's RSA security division. It found that 52% characterized their incidents arising from insider threats as predominantly accidental. The problem is on the rise as a result of companies using contractors and third-party partners to do business.
SearchSecurity.com  |  Aug 25, 2009

"Quick Wins in Identity Management"
In order to get projects approved during this economic downturn, many IT directors have to demonstrate an almost immediate return on investment. The good news is that there are some pockets of low hanging fruit in identity management that have a very immediate ROI. But keep in mind the old wisdom of "think big -- start small -- grow big". Ideally your quick wins should lead to a broader, transformative strategy to deliver more value.
Computerworld  |  Aug 12, 2009

"CEOs Underestimate Security Risks, Survey Finds"
Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.
Computerworld  |  July 15, 2009

"The Problems and Benefits of Identity and Access Management"
Identity and access management (IAM) is arguably the broadest issue in IT security. There are few other single concepts that impact as widely on so many areas as that of managing identity in an enterprise business context. From enabling employees to access the internal resources they need to fulfil business aims, through companies outsourcing functionality and hardware to consumers seeking to bank, trade or buy goods remotely, all are dependent on secure, reliable identity and access management.
SC Magazine  |  June 30, 2009

"Developing a GRC Strategic Plan"
Governance, Risk, and Compliance can be confusing to understand in their individual capacities - bring them together as GRC and it can be even more confounding. GRC is more than a catchy acronym used by technology providers and consultants to market their solutions - it is a philosophy of business.
Corporate Integrity Blog  |  June 1, 2009

"Best Practices: How to Implement and Maintain Enterprise User Roles"
Enterprise role management is key in efficiently managing user access rights and enforcing access policies such as segregation of duties. Roles help companies group coarse- and fine-grained access rights (like access to and functionality within a financial accounts application) into groups, called enterprise roles.
SearchSecurity.com  |  May 12, 2009

"In-house Fraud Cases Surge"
Fraud committed against companies by their own employees has surged this year, new data suggest, providing fresh evidence that the recession is fuelling a rise in crime.
Financial Times  |  May 10, 2009

"Can You No Longer Avoid Closely Monitoring Employees?"
The insider threat has always existed, but in an era of economic upheaval and uncertainty, the problem is only magnified. That point came across in a recent Ponemon Institute survey of 945 individuals who were laid off, fired or quit their jobs during the last year, with 59% admitting to stealing company data and 67% using their former company's confidential information to leverage a new job.
NetworkWorld  |  April 27, 2009

"Governance, risk management and compliance: Putting it together"
Governance, risk management and compliance (GRC) planning is still a new concept, but already it has gotten a bit of a bad rap. Mainly, it's been called too vague and, now, frequently gets overused by vendors hocking their wares – whether these solutions directly are related to GRC or not.
SC Magazine  |  March 5, 2009

"Government Security News: Responses to Risky Realities in Government IT"
You might not recognize the names Joseph Thomas Colon or Claude Carpenter off the top of your head, but there were people at the FBI and the IRS who knew them before both men allegedly broke into government IT systems between 2001 and 2004. The people who knew the two men best probably also knew when they crossed the line from average employee/contractor to potential security risk. Owing largely to the two agencies' inability to protect critical systems and data adequately from their own internal staff, they became victims of a severe security breach and sabotage.
Government Security News  |  February 24, 2009

"Deloitte: Firms Lack Confidence They Can Deter Internal Attacks"
Human error is the leading cause for IT system breaches, and most corporate security officials do not feel confident they can protect their organizations from internal cyberattacks, according to Deloitte Touche Tohmatsu's annual survey. In all, the survey, released Wednesday, found that the global recession is putting information at great risk for these companies.
SC Magazine  |  February 05, 2009

"Data Breaches Cost More Than Money"
A study by the Ponemon Institute found the average cost of data breaches - from detection to notification to lost business – is rising. The No. 1 cost to companies is lost business, which now accounts for 69 percent of total costs.
eWeek  |  February 2, 2009

"Shell fingers IT contractor in theft of employee data"
Oil company says outside IT worker used info from database to file fake unemployment claims.
Computerworld  |  October 10, 2008

"Data Breaches Reach Record High"
First, the bad news: data breaches continue unabated at U.S. corporations, governments and universities, already surpassing last year's record 446 breaches, according to the ITRC (Identity Theft Resource Center). Through the end of September, the total number of data breaches recorded by the ITRC was 516, averaging 57 breaches a month.
eWeek  |  October 7, 2008

"How secure is secure enough?"
If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?" It's a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask.
Computerworld  |  July 28, 2008

"Why are security pros dealing with compliance?"
The dawn of the age of IT compliance has had any number of consequences for IT staffs in general, and security teams specifically. Now, instead of simply worrying about whether the network is running properly and the good guys can get in and the bad guys can't, security specialists have to consider how every modification, deployment and installation they make might affect the company's compliance with PCI DSS, Sarbanes-Oxley or HIPAA.
SearchSecurity.com  |  July 17, 2008

"Rotting at the Core"
Forget Ukrainian hackers. A bigger threat to your company's data security may be sitting in one of its cubicles. In the first half of 2008, the fraction of data breach incidents caused by employees stealing information more than doubled compared to last year, according to a report released Monday by the Identity Theft Resource Center.
Forbes.com  |  June 30, 2008

"2008 Security Survey: We're Spending More, But Data's No Safer Than Last Year"
In the face of growing demand to target security investments based on risk management principles – a domain foreign to many CIOs and infosec practitioners – there's wisdom to be garnered from our peers.
InformationWeek  |  June 28, 2008

"GRC and IAM – You can't separate it"
Today it is not necessary to buy the IAM and the GRC products from the same vendor, especially because the GRC solutions are in their early stage. And due to the fact that IAM tools always will focus more on the IT level whilst GRC focuses on the business level I'm not sure whether they shall be really integrated. But one thing is sure: You will need both levels of tools to fully support the business requirements which are driving IAM today.
Kuppinger Cole's Blog  |  June 6, 2008

For more articles, visit the Headlines & Editorials Archive »