Get Informed.

Take the first step in identifying your priorities, conducting a side-by-side product analysis and finding a solution that suits your needs.
Download your Buyer's Guide »

Get Started.

See IdentityIQ in action and how it can work for you.
Request your one-on-
one demo today »

Get Support.

Take advantage of SailPoint's helpful resource center with a collection of documentation on a range of today's hottest topics in identity management.
Learn more »

Get Informed.

Take the first step in identifying your priorities, conducting a side-by-side product analysis and finding a solution that suits your needs.
Download your Buyer's Guide »

Get Started.

Make the most of SailPoint's online support system, Compass, to plan, pilot, implement and deploy SailPoint IdentityIQ across your entire organization.
Log in now »

Get Support.

SailPoint's customer support portal is available 24x7. Request an account today and get the help you need.
Learn more »

Get Informed.

Take the first step in identifying your priorities, conducting a side-by-side product analysis and finding a solution that suits your needs.
Download your Buyer's Guide »

Get Started.

Learn more about how to become a SailPoint partner today.
Contact us »

Get Support.

SailPoint partners can access the knowledgebase, training info and more on Compass.
Request an account today »

Get Informed.

On a deadline? Reach out to the SailPoint PR team. Contact Erin Hanley at pr@sailpoint.com or 512-346-2000 ext. 32.
Contact Us »

Get Started.

Keep in touch with the latest news from SailPoint by subscribing to our quarterly newsletter.
Subscribe today »

Get Support.

Contact us today and let us know how we can help you.
Learn more »

Get Informed.

Keep in touch with the latest news from SailPoint by subscribing to our quarterly newsletter.
Subscribe today »

Get Started.

Join one of the industry's fastest growing companies! Visit our Careers page to see available opportunities.
Apply today »

Get Support.

Contact us today and let us know how we can help you.
Learn more »

Get Informed.

Keep in touch with the latest news from SailPoint by subscribing to our quarterly newsletter.
Subscribe today »

Get Started.

See IdentityIQ in action and how it can work for you.
Request your one-on-
one demo today »

Get Support.

Contact us today and let us know how we can help you.
Learn more »

Get Support.

Talk directly to a member of SailPoint's technical support team by calling: +1 (512) 346-2000 x 771.
Get support »

Get Informed.

Customers have access to user community discussions, the knowledgebase, training and documentation on Compass.
Request an account today »

Get Started.

Login to Compass, the online community portal, to access the support portal and get answers today.
Log in now »

Bookmark and Share

Risk Never Sleeps – Time to Rise and Shine

Kevin Cunningham

By Kevin Cunningham
President and Co-founder

It seems like you can't get your news these days without reading about another organization that's lost sensitive customer data or fallen victim to a trusted employee committing internal fraud. Paradoxically, breaches are occurring with increasing frequency despite the flood of regulations mandating stronger security and privacy practices.

Part of the answer to this puzzle lies in the fact that many organizations fail to effectively align security and compliance activities with tangible goals to reduce actual risk. Companies that implement "check-the-box" compliance processes are likely not addressing the true areas of risk to the business. What's missing is a disciplined approach to managing risk that quantitatively evaluates exposures and consequences.

Taking a risk-based approach to managing user access to sensitive applications and data is key when it comes to protecting your organization's reputation, intellectual property, and financial integrity. But where do you start? Here are a few practical steps organizations can take to build risk management into their identity infrastructure:

  • Inventory IT assets and classify by business risk. To adequately protect your information assets, create a common framework that will allow you to determine the level and severity of risk associated with each asset.
  • Gain enterprise-wide visibility to user access privileges, and systematically identify high-risk users. Start with building a comprehensive view of "who has access to what" across all of your high-risk or compliance-relevant applications. You can then employ rules-based analytics to identify high-risk users based on the number and type of access privileges held by the user, policy violations detected, or other user attributes such as temporary/contractor status or location. My advice: start with a simple risk model and build from that base.
  • Take a risk-based approach in the design of IT controls. Prioritize controls that relate to areas of greatest business risk – avoid treating all assets and users the same. This will ensure you get the biggest impact from your efforts.
  • Remember, you need to measure risk in order to manage it. Metrics deliver the information needed to make informed decision and to monitor and improve your organization's risk management performance.

Remember the famous quote by Benjamin Franklin, "An ounce of prevention is worth a pound of cure"? Well, he's right. It's time to get ahead of risk, and, in this edition of SailPoint Navigate, we offer you tools, real-world examples and expert advice that will help you do just that.

Coffee's ready,

Kevin Cunningham
President and Co-founder
SailPoint