Identity Gets Smart
Mark McClain, CEO & Founder opens up to InformationWeek about identity governance. Watch the video »
Identity Governance Buyer's Guide - 2nd Edition
Streamline Compliance
Deliver Convenient Access
Get the Big Picture
Align Access with Business
Apply Best Practices
Manage Identity Data
Manage Compliance
Succeed with SailPoint
Don't take our word for it, see what others are saying.
Stay Connected
Subscribe to our quarterly newsletter. Get the latest news and views with SailPoint's podcast series, "The Identity Intelligence Insider"
Media Contacts
Kari Hanson Michelle Dillon
Choose Wisely
SailPoint's innovative approach is getting noticed. Don't take our word for it, see what others are saying.
Subscribe
SailPoint's Identity Intelligence Insider is a monthly podcast series on hot topics in identity risk management.
CONTACT US
Hours Email Phone
Schedule a Demo
"By using roles to request, approve and certify user access privileges, BNSF will be able to simplify its user administration and compliance processes. SailPoint IdentityIQ will allow us to enforce and verify role-based access across our critical enterprise applications using a streamlined, automated approach." Bart Boudreaux, Director, Technology Services, BNSF Railway
"SailPoint helps us define the connection between user access, financial control and intellectual property protection. Their risk-aware approach focuses on the relative risks associated with user access within our business." Russ Finney, Vice President of U.S. Information Systems operations for Tokyo Electron, U.S. Holdings
"Businesses that are concerned with compliance mandates and ensuring the security and integrity of their IT systems cannot afford 12 to 18 month deployments. With IdentityIQ, organizations can gain immediate payback from automating key governance processes to better address business risk." Kevin Cunningham, Co-Founder and President, SailPoint
"As a publicly-traded company and financial services provider, we are subject to a variety of regulations including FISMA, SOX, PCI, and SAS 70. To meet these requirements, we are standardizing and automating our compliance processes for identity management, so that we can centrally control who gets access to sensitive resources and maintain compliance as the organization changes over time. This centralized and automated approach allows us to proactively address risk and more efficiently maintain a compliant, secure environment." Jerry Archer, Chief Security Officer, Sallie Mae |
At the Helm: A Smooth Path to Identity
|
 By Jackie Gilbert |
Adopting a risk management approach to identity may seem out of reach for many companies – but it needn't be a giant cultural or technological change. At SailPoint, we believe in a stepwise approach that delivers immediate and short-term results while moving your business toward a long-term vision of "true" risk management. After all, you have to crawl (and get out from under your greatest area of pain), before you can walk or run.
We designed our product, SailPoint Compliance IQ, to be flexible and modular, so it can be deployed to solve specific identity management or compliance-driven projects while laying the foundation for a risk-based approach. Taking baby steps makes sense in a lot of ways, as it allows you to show quick progress and get buy-in from other stakeholders.
Let's take a financial services firm as a good example. In order to comply with Sarbanes-Oxley, the company was required to audit and certify user access to sensitive financial data on a quarterly basis. Like many businesses, the company had a mostly manual access certification process. Every quarter, the staff spent hundreds of hours generating reports across multiple applications and platforms, compiling and correlating the data, so that supervisors could review and approve access privileges for each user.
This project was an ideal starting point for SailPoint Compliance IQ. Our product helps companies solve their most pressing compliance pains, such as access certifications or separation of duty (SOD) policy enforcement, while building a foundation for risk management. The following illustrates a practical approach that works for this company's needs:
Step 1: Compliance IQ automates the entire access certification process, correlating and formatting all user access data into one simple web interface for review and approval. This process vastly improves the quality and reliability of reports, while dramatically shrinking the time it takes to generate and review them.
Step 2: Compliance IQ's "identity intelligence" approach gives the company centralized visibility into identity data and allows them to apply common policy across applications and platforms. The new consolidated view of access privileges makes it much easier for reviewers to spot inappropriate and/or excess access points, while automation provides a way to systematically eliminate policy violations.
Step 3: Moving towards "true" identity risk management, the company can apply Compliance IQ's risk model to their centralized view of identity data, pinpointing "hot spots" of higher-than-average business risk. The company can then focus its controls and monitoring based on risk and demonstrate measurable improvements in risk reduction over time.
In plain terms, SailPoint Compliance IQ helps organizations to progressively build identity compliance and risk management capabilities with the end goal of reducing their overall business risk.
If you'd like to find out how your organization's identity compliance and risk management capabilities measure up, check out our interactive compliance assessment tool and receive an initial assessment with our recommendations.
Prepare now for smoother sailing tomorrow,
Jackie