|
Identity Governance Buyer's Guide
Succeed with SailPoint
Don't take our word for it, see what others are saying. Stay Connected
Subscribe to our quarterly newsletter. Get the latest news and views with SailPoint's podcast series, "The Identity Intelligence Insider" Media Contacts
Kari Hanson Michelle Dillon Choose Wisely
SailPoint's innovative approach is getting noticed. Don't take our word for it, see what others are saying. Subscribe
SailPoint's Identity Intelligence Insider is a monthly podcast series on hot topics in identity risk management. CONTACT US
Hours Email Phone Schedule a Demo
"SailPoint helps us define the connection between user access, financial control and intellectual property protection. Their risk-aware approach focuses on the relative risks associated with user access within our business." Russ Finney, Vice President of U.S. Information Systems operations for Tokyo Electron, U.S. Holdings "Businesses that are concerned with compliance mandates and ensuring the security and integrity of their IT systems cannot afford 12 to 18 month deployments. With IdentityIQ, organizations can gain immediate payback from automating key governance processes to better address business risk." Kevin Cunningham, Co-Founder and President, SailPoint |
ViewpointsQuotes, research findings and recommendations from leading industry analysts and gurus on topics such as information security, identity management and compliance. "Enterprise role management is key in efficiently managing user access rights and enforcing access policies such as segregation of duties. Roles help companies group coarse- and fine-grained access rights (like access to and functionality within a financial accounts application) into groups, called enterprise roles. These enterprise roles map to job functions and are only allowed access rights that don't violate segregation of duties. For instance, a financial clerk role can't contain fine-grained access rights that allow someone in the role to access the accounts receivable and accounts payable parts of the financial application." "When considering an identity management suite, don't make the same mistake that many of your colleagues have made by failing to thoroughly evaluate all identity management products under consideration before a purchase. Most organizations begin their evaluations by looking for a single product to meet a pressing need. At purchase time, the vendor then offers the customer a steep discount to compel the purchase of multiple identity management products. The deployment of the primary product goes well, but then the organization finds out that the other purchased products don't meet its needs, or require significant customization to work." "In the face of today's challenging economic environment, businesses are moving to reduce IT costs while delivering critical business systems, including regulatory compliance. SailPoint is addressing these challenges by providing faster, less costly, and less risky delivery methods to deliver near term business value. We're seeing great results from our partnership to provide software delivery models to make it easier for companies to buy, deploy and maintain their software." "SailPoint Technologies forcefully enters the market during 2008. SailPoint Technologies approached the role management market from the access recertification and role mining side, and added role management and workflow capabilities in late 2007. The IdentityIQ product represents business terms in its user interface and can monitor not only normal user but also
privileged user and system administrator activity. Application and organization onboarding, role prioritization, and cleanup of excessive entitlements are aided by the product's advanced risk model. It also provides outstanding support for avoiding role erosion and cleaning up stale roles during access recertification. Of all the vendors, SailPoint Technologies reported the capability to manage the largest number of rules for role definition." "Access certification provides relief from regulations, internal controls, and audit pressure and is a powerful means to reduce enterprise risk. Although most enterprises use internally developed processes and not commercial off-the-shelf (COTS) products, numerous vendors are offering products that are sophisticated and well thought out. Enterprises looking to reduce access-related risk while hoping to eventually tackle role management and user provisioning should promote access certification in their thinking, giving it the more prominent role in the overall identity management program that it deserves." "IT provides tools that enable governance activities. However, IT departments are increasingly being asked to enact business polices and automate business processes of which they neither have knowledge of, nor control over. To close this divide, policy decisions and compliance monitoring must be pushed to the business owners. Identity management vendors have begun to address this issue through improved workflow, delegated-administration, self-service, and access attestation functionality." "GRC costs continue to rise as national and global mandates proliferate. In order to gain sufficient efficiency, enterprises must automate as many GRC-related activities as possible to ensure a repeatable, sustainable, and cost-effective risk and compliance regimen." "SailPoint Technologies has created an innovative identity management and compliance solution that integrates identity governance techniques with a risk-based approach. This solution addresses the challenges in maintaining and managing a large number of users and their entitlements." "Companies are looking at controls from a risk perspective instead of trying to control everything. It is about people managing risk and not about technology trying to make risk disappear." "I recently published my "2008 GRC Drivers, Trends, & Market Directions" research illustrating the dynamic and growing nature of GRC adoption within organizations and the direction and size of the overall GRC market for products and services. Below are the summary highlights from this piece of research. The Governance, Risk, and Compliance (GRC) market is in significant momentum as organizations embrace collaboration across silos of GRC and generally recognize that something needs to be done." "SailPoint's approach to identity risk management links risk analytics and controls automation with identity audit and identity monitoring to augment the user-provisioning component of IAM. This approach reflects SailPoint's belief that managing risk does not need to be simply a passive or strategic planning phase at the executive level, but should be executed operationally. No other role management vendor tries to bring together such unique stakeholders (executives in business and IT operations) in the IAM buying experience." "The requirement to demonstrate compliance has caused audit teams to cast a wider net into other areas of policy and privilege management. For example, identity audit solutions, such as SailPoint Technologies, are being evaluated in conjunction with provisioning solutions in order to satisfy these requirements. Because of the increasing influence of audit and accountability, it is very important to understand the requirements for compliance and how these affect the selection and implementation of appropriate solutions." "SailPoint is...in the process of establishing the new market segment of "Identity Risk Management." That is a discipline within GRC which deals specifically with risks which are in some way or another identity-related – which are most of the risks, by the way. It's about answering questions like "who is allowed to do what," but in detail and not only high-level. And with a high degree of automation...they understand a lot about Identity Management and...also understand what the customers need beyond provisioning. ...the entire new discipline of Identity Risk Management is a must." "When a typical large enterprise has tens of thousands of users and thousands of applications, basic identity audit and compliance tasks like certifying which users have access to critical applications and data are monumental. Organizations that master these tactical matters are poised to tackle the next big challenge and opportunity for most enterprises – collaborating with business managers to determine acceptable levels of risk for users and IT resources." "We see many organizations stymied by bad identity data in their enterprise identity management initiatives. Cleaning up bad data, filling in missing data and eliminating orphan accounts are critical prerequisites to successfully undertaking complex identity management projects. Moving past those tasks allows organizations to focus their efforts on matters that yield true business value like automating compliance and reducing risk." "Today's enterprise faces a daunting range of IT risks – from security, business malfeasance and insider threats to business-critical IT service availability, performance and integrity issues. Regulatory requirements intended to curb these risks have also driven the pursuit of more effective IT governance. IT risk management has become the lynchpin of all these demands. Putting a strategic IT risk management program into place can provide substantial benefits for the enterprise, not only in controlling threats to critical IT services, but also in giving the business a stronger competitive edge through more effective technology discipline." "In order to meet regulatory and corporate governance requirements, enterprises must implement a variety of controls over identity-related information – often requiring products from more than one vendor. Vendors that deliver integrated solutions provide value to customers by lowering costs and making software easier to deploy and easier to use." "A new market that Gartner refers to as identity auditing has been created largely to fill the gap between what the IdM market currently provides and what the customer wants (identity and resource views for users, roles, fine-grained entitlements and the approval process)." |
