Identity Gets Smart

SailPoint CEO Interviewed for StartUp City

Mark McClain, CEO & Founder opens up to InformationWeek about identity governance. Watch the video »

Identity Governance Buyer's Guide - 2nd Edition

Identity Governance Buyer's GuideContains tools to help you identify your priorities, conduct side-by-side product analysis and find a solution that suits your needs. Download the Guide »

Streamline Compliance

Streamline ComplianceLearn how SailPoint makes compliance more effective and sustainable.

Download the Compliance Manager data sheet »

Deliver Convenient Access

Access Request Manager Data SheetLearn how SailPoint keeps pace with access change.

Download the Lifecycle Manager data sheet »

Get the Big Picture

Get the Big PictureSee exactly how SailPoint IdentityIQ works.

Download the SailPoint IdentityIQ brochure »

Align Access with Business

Align Access with BusinessLearn how SailPoint strengthens identity governance.

Download the Role Manager data sheet »

Apply Best Practices

Apply Best PracticesLearn how to plan ahead for successful role management.

Download the White Paper: Practical Role Management »

Manage Identity Data

Manage Identity DataLearn how to improve visibility and transparency.

Download the Identity Intelligence data sheet »

Manage Compliance

Manage ComplianceLearn how Identity Governance helps meet compliance requirements.

Download the white paper »

Succeed with SailPoint

Don't take our word for it, see what others are saying.

Stay Connected

Subscribe to our quarterly newsletter.

Subscribe »


Get the latest news and views with SailPoint's podcast series, "The Identity Intelligence Insider"

Listen »  |  Subscribe »

Media Contacts

Kari Hanson
pr@sailpoint.com
phone: 978-373-4003


Michelle Dillon
Beaupre & Co. Public Relations
mdillon@beaupre.com
phone: 603-559-5835

Choose Wisely

SailPoint's innovative approach is getting noticed. Don't take our word for it, see what others are saying.

Subscribe

SailPoint's Identity Intelligence Insider is a monthly podcast series on hot topics in identity risk management.

Listen »

CONTACT US

Hours
8:00AM - 6:00PM CST
Monday through Friday excluding holidays

Email
support@sailpoint.com

Phone
(888) 4SAILPT
(888) 472-4578

Schedule a Demo

Schedule a DemoSee IdentityIQ in action, request a one-on-one demo today.

"By using roles to request, approve and certify user access privileges, BNSF will be able to simplify its user administration and compliance processes. SailPoint IdentityIQ will allow us to enforce and verify role-based access across our critical enterprise applications using a streamlined, automated approach."

Bart Boudreaux, Director, Technology Services, BNSF Railway

"SailPoint helps us define the connection between user access, financial control and intellectual property protection. Their risk-aware approach focuses on the relative risks associated with user access within our business."

Russ Finney, Vice President of U.S. Information Systems operations for Tokyo Electron, U.S. Holdings

"Businesses that are concerned with compliance mandates and ensuring the security and integrity of their IT systems cannot afford 12 to 18 month deployments. With IdentityIQ, organizations can gain immediate payback from automating key governance processes to better address business risk."

Kevin Cunningham, Co-Founder and President, SailPoint

"As a publicly-traded company and financial services provider, we are subject to a variety of regulations including FISMA, SOX, PCI, and SAS 70. To meet these requirements, we are standardizing and automating our compliance processes for identity management, so that we can centrally control who gets access to sensitive resources and maintain compliance as the organization changes over time. This centralized and automated approach allows us to proactively address risk and more efficiently maintain a compliant, secure environment."

Jerry Archer, Chief Security Officer, Sallie Mae

Bookmark and Share

Viewpoints

Quotes, research findings and recommendations from leading industry analysts and gurus on topics such as information security, identity management and compliance.

"Having a foundational identity and access governance platform in place and then expanding it into provisioning makes a lot of sense for companies. Building a complete view of entitlements and access privileges is step one. The next step is to leverage role management and create a centralized policy that dictates who should have access to those resources. Companies then have the benefit of leveraging that model, built for compliance, across its provisioning processes."
Ian Glazer, Senior Analyst, Burton Group (acquired by Gartner)  |  March 22, 2010

"SailPoint IdentityIQ is a mature IAG product that has been available since early 2007. SailPoint supports all of the surveyed IAG capabilities and provides a single, integrated user-interface for them. It has excellent holistic integration of identity threat and SoD that enhances its core role management and access certification capabilities. The product can retrieve entitlements directly from some target platforms and can leverage an external provisioning system for others."
Mark Diodati and Ian Glazer, Burton Group:
"Market Profile: Identity and Access Governance, 2010"  |  January 28, 2010

"Identity and access governance's rise will continue to the point that it is seen as a dominant component of the IdM universe. With its business-centric focus and easy-to-use user interfaces, identity and access governance (IAG) reflects identity management's true nature: managing people and their responsibilities to achieve business goals while minimizing enterprise risk. By being policy driven and relying on business-readable entitlement information, IAG products facilitate conversations between line-of-business, IT, security, audit, and human resource teams; it is those conversations that are the future of identity management."
Mark Diodati and Ian Glazer, Burton Group:
"Market Profile: Identity and Access Governance, 2010"  |  January 28, 2010

"Identity and access management is finally beginning to grow up and bridge some of the gaps between what the enterprise needs and what IT can do for them. In governance, risk and compliance management, for example, strong access controls coupled with access request, approval and review processes are needed by the business to enable them to fully realize value from their policies, guidelines and practices. This is particularly the case for managing risk. Those IAM solutions that provide the business bridge between IAM and GRC management staff will play a significant role in enterprise access needs of the future."
Earl Perkins, Research Vice President, Gartner, Inc.  |  November 9, 2009

"The constant drumbeat of compliance requirements of the past few years has definitely impacted the IdM marketplace. For too long, user provisioning tools were positioned as the cornerstone of compliance activities-primarily role management, access certification, and reporting-but could never live up to expectations. Even mature provisioning deployments do not have the breadth (number of managed applications and systems) or depth (detail of entitlements per user) of access data to perform compliance functions. In response, vendors have dedicated resources to enhancing (and acquiring) role management, access certification, and other tools to improve reporting and dashboard capabilities. Burton Group categorizes this collection of functionality as access and identity governance."
Lori Rowland and Gerry Gebel, Burton Group, "Identity Management Market 2009: Doing More with Less"  |  July 20, 2009

"Many organizations, unfortunately, still do not possess an accurate or complete view of access or identity controls across their environments. One of the biggest benefits of access and identity governance tools is the ability to reach across the application portfolio in an organization and to dig up the application entitlements within these silos. A broad and deep perspective becomes available for a variety of analysis, reporting, or business decision support functions."
Gerry Gebel, Burton Group, "Access and Identity Governance: Leading to Transparency and Visibility?"  |  July 13, 2009

"One of the more interesting aspects of these products is the use of business intelligence (BI) tools and terminology ... SailPoint uses advanced data mining and identity intelligence to provide a risk scoring system to help visualize the risk posture of an organization's infrastructure."
Gerry Gebel, Burton Group, "Access and Identity Governance: Leading to Transparency and Visibility?"  |  July 13, 2009

"[IdentityIQ's] application and organization onboarding, role prioritization, and cleanup of excessive entitlements are aided by the product's advanced risk model. It also provides outstanding support for avoiding role erosion and cleaning up stale roles during access recertification."
Andras Cser, Forrester Research "Market Overview: Enterprise Role Management."  |  May 12, 2009

"One of the more interesting aspects of these products is the use of business intelligence (BI) tools and terminology ... SailPoint uses advanced data mining and identity intelligence to provide a risk scoring system to help visualize the risk posture of an organization's infrastructure."
Gerry Gebel, Burton Group, "Access and Identity Governance: Leading to Transparency and Visibility?"  |  May 12, 2009

"Enterprise role management is key in efficiently managing user access rights and enforcing access policies such as segregation of duties. Roles help companies group coarse- and fine-grained access rights (like access to and functionality within a financial accounts application) into groups, called enterprise roles. These enterprise roles map to job functions and are only allowed access rights that don't violate segregation of duties. For instance, a financial clerk role can't contain fine-grained access rights that allow someone in the role to access the accounts receivable and accounts payable parts of the financial application."
Andras Cser, Forrester Research"Best Practices: How to Implement and Maintain Enterprise User Roles" SearchSecurity.com |  May 12, 2009

"When considering an identity management suite, don't make the same mistake that many of your colleagues have made by failing to thoroughly evaluate all identity management products under consideration before a purchase. Most organizations begin their evaluations by looking for a single product to meet a pressing need. At purchase time, the vendor then offers the customer a steep discount to compel the purchase of multiple identity management products. The deployment of the primary product goes well, but then the organization finds out that the other purchased products don't meet its needs, or require significant customization to work."
Mark Diodati, Burton Group"Changing Times for Identity Management" Information Security |  May 2009

"In the face of today's challenging economic environment, businesses are moving to reduce IT costs while delivering critical business systems, including regulatory compliance. SailPoint is addressing these challenges by providing faster, less costly, and less risky delivery methods to deliver near term business value. We're seeing great results from our partnership to provide software delivery models to make it easier for companies to buy, deploy and maintain their software."
Terry Jost, CEO, Mycroft, Inc. |  March 23, 2009

"SailPoint Technologies forcefully enters the market during 2008. SailPoint Technologies approached the role management market from the access recertification and role mining side, and added role management and workflow capabilities in late 2007. The IdentityIQ product represents business terms in its user interface and can monitor not only normal user but also privileged user and system administrator activity. Application and organization onboarding, role prioritization, and cleanup of excessive entitlements are aided by the product's advanced risk model. It also provides outstanding support for avoiding role erosion and cleaning up stale roles during access recertification. Of all the vendors, SailPoint Technologies reported the capability to manage the largest number of rules for role definition."
Forrester, "Market Overview: Enterprise Role Management" by Andras Cser  |  February 6, 2009

"Access certification provides relief from regulations, internal controls, and audit pressure and is a powerful means to reduce enterprise risk. Although most enterprises use internally developed processes and not commercial off-the-shelf (COTS) products, numerous vendors are offering products that are sophisticated and well thought out. Enterprises looking to reduce access-related risk while hoping to eventually tackle role management and user provisioning should promote access certification in their thinking, giving it the more prominent role in the overall identity management program that it deserves."
Burton Group, "Access Certification: An Intersection of Compliance and Risk Management" by Ian Glazer  |  January 20, 2009

"IT provides tools that enable governance activities. However, IT departments are increasingly being asked to enact business polices and automate business processes of which they neither have knowledge of, nor control over. To close this divide, policy decisions and compliance monitoring must be pushed to the business owners. Identity management vendors have begun to address this issue through improved workflow, delegated-administration, self-service, and access attestation functionality."
Kevin Kampman, senior analyst, Burton Group  |  October 21, 2008

"GRC costs continue to rise as national and global mandates proliferate. In order to gain sufficient efficiency, enterprises must automate as many GRC-related activities as possible to ensure a repeatable, sustainable, and cost-effective risk and compliance regimen."
John Hagerty, AMR Research  |  October 9, 2008

"SailPoint Technologies has created an innovative identity management and compliance solution that integrates identity governance techniques with a risk-based approach. This solution addresses the challenges in maintaining and managing a large number of users and their entitlements."
Zachariah Thomas, Frost & Sullivan  |  September 2008

"Companies are looking at controls from a risk perspective instead of trying to control everything. It is about people managing risk and not about technology trying to make risk disappear."
Jamie Lewis, CEO, Burton Group  |  Keynote address at 2008 Catalyst Conference  |  June 25, 2008

"I recently published my "2008 GRC Drivers, Trends, & Market Directions" research illustrating the dynamic and growing nature of GRC adoption within organizations and the direction and size of the overall GRC market for products and services. Below are the summary highlights from this piece of research. The Governance, Risk, and Compliance (GRC) market is in significant momentum as organizations embrace collaboration across silos of GRC and generally recognize that something needs to be done."
Michael Rasmussen, Corporate Integrity  |  read blog  |  April 7, 2008

"SailPoint's approach to identity risk management links risk analytics and controls automation with identity audit and identity monitoring to augment the user-provisioning component of IAM. This approach reflects SailPoint's belief that managing risk does not need to be simply a passive or strategic planning phase at the executive level, but should be executed operationally. No other role management vendor tries to bring together such unique stakeholders (executives in business and IT operations) in the IAM buying experience."
Gartner, Inc., "Cool Vendors in Identity and Access Management, 2008" by Earl Perkins et al  |  April 4, 2008

"The requirement to demonstrate compliance has caused audit teams to cast a wider net into other areas of policy and privilege management. For example, identity audit solutions, such as SailPoint Technologies, are being evaluated in conjunction with provisioning solutions in order to satisfy these requirements. Because of the increasing influence of audit and accountability, it is very important to understand the requirements for compliance and how these affect the selection and implementation of appropriate solutions."
Lori Rowland and Kevin Kampman, Burton Group  |  February 13, 2008

"SailPoint is...in the process of establishing the new market segment of "Identity Risk Management." That is a discipline within GRC which deals specifically with risks which are in some way or another identity-related – which are most of the risks, by the way. It's about answering questions like "who is allowed to do what," but in detail and not only high-level. And with a high degree of automation...they understand a lot about Identity Management and...also understand what the customers need beyond provisioning. ...the entire new discipline of Identity Risk Management is a must."
Martin Kuppinger, Kuppinger Cole  |  read blog  |  December 19, 2007

"When a typical large enterprise has tens of thousands of users and thousands of applications, basic identity audit and compliance tasks like certifying which users have access to critical applications and data are monumental. Organizations that master these tactical matters are poised to tackle the next big challenge and opportunity for most enterprises – collaborating with business managers to determine acceptable levels of risk for users and IT resources."
Lori Rowland, Analyst, Burton Group  |  December 5, 2007

"We see many organizations stymied by bad identity data in their enterprise identity management initiatives. Cleaning up bad data, filling in missing data and eliminating orphan accounts are critical prerequisites to successfully undertaking complex identity management projects. Moving past those tasks allows organizations to focus their efforts on matters that yield true business value like automating compliance and reducing risk."
Roberta J. Witty, research vice president, Gartner Inc.  |  November 7, 2007

"Today's enterprise faces a daunting range of IT risks – from security, business malfeasance and insider threats to business-critical IT service availability, performance and integrity issues. Regulatory requirements intended to curb these risks have also driven the pursuit of more effective IT governance. IT risk management has become the lynchpin of all these demands. Putting a strategic IT risk management program into place can provide substantial benefits for the enterprise, not only in controlling threats to critical IT services, but also in giving the business a stronger competitive edge through more effective technology discipline."
Scott Crawford, Research Director, Enterprise Management Associates  |  August 30, 2007

"In order to meet regulatory and corporate governance requirements, enterprises must implement a variety of controls over identity-related information – often requiring products from more than one vendor. Vendors that deliver integrated solutions provide value to customers by lowering costs and making software easier to deploy and easier to use."
Lori Rowland, Analyst, Burton Group  |  June 27, 2007

"A new market that Gartner refers to as identity auditing has been created largely to fill the gap between what the IdM market currently provides and what the customer wants (identity and resource views for users, roles, fine-grained entitlements and the approval process)."
Gartner, Inc., "Hype Cycle for Identity and Access Management Technologies, 2007" by Gregg Kreizman et al, June 21, 2007.

For more insights, visit the Viewpoints Archive »