Identity Gets Smart

SailPoint CEO Interviewed for StartUp City

Mark McClain, CEO & Founder opens up to InformationWeek about identity governance. Watch the video »

Identity Governance Buyer's Guide - 2nd Edition

Identity Governance Buyer's GuideContains tools to help you identify your priorities, conduct side-by-side product analysis and find a solution that suits your needs. Download the Guide »

Streamline Compliance

Streamline ComplianceLearn how SailPoint makes compliance more effective and sustainable.

Download the Compliance Manager data sheet »

Deliver Convenient Access

Access Request Manager Data SheetLearn how SailPoint keeps pace with access change.

Download the Lifecycle Manager data sheet »

Get the Big Picture

Get the Big PictureSee exactly how SailPoint IdentityIQ works.

Download the SailPoint IdentityIQ brochure »

Align Access with Business

Align Access with BusinessLearn how SailPoint strengthens identity governance.

Download the Role Manager data sheet »

Apply Best Practices

Apply Best PracticesLearn how to plan ahead for successful role management.

Download the White Paper: Practical Role Management »

Manage Identity Data

Manage Identity DataLearn how to improve visibility and transparency.

Download the Identity Intelligence data sheet »

Manage Compliance

Manage ComplianceLearn how Identity Governance helps meet compliance requirements.

Download the white paper »

Succeed with SailPoint

Don't take our word for it, see what others are saying.

Stay Connected

Subscribe to our quarterly newsletter.

Subscribe »


Get the latest news and views with SailPoint's podcast series, "The Identity Intelligence Insider"

Listen »  |  Subscribe »

Media Contacts

Kari Hanson
pr@sailpoint.com
phone: 978-373-4003


Michelle Dillon
Beaupre & Co. Public Relations
mdillon@beaupre.com
phone: 603-559-5835

Choose Wisely

SailPoint's innovative approach is getting noticed. Don't take our word for it, see what others are saying.

Subscribe

SailPoint's Identity Intelligence Insider is a monthly podcast series on hot topics in identity risk management.

Listen »

CONTACT US

Hours
8:00AM - 6:00PM CST
Monday through Friday excluding holidays

Email
support@sailpoint.com

Phone
(888) 4SAILPT
(888) 472-4578

Schedule a Demo

Schedule a DemoSee IdentityIQ in action, request a one-on-one demo today.

"By using roles to request, approve and certify user access privileges, BNSF will be able to simplify its user administration and compliance processes. SailPoint IdentityIQ will allow us to enforce and verify role-based access across our critical enterprise applications using a streamlined, automated approach."

Bart Boudreaux, Director, Technology Services, BNSF Railway

"SailPoint helps us define the connection between user access, financial control and intellectual property protection. Their risk-aware approach focuses on the relative risks associated with user access within our business."

Russ Finney, Vice President of U.S. Information Systems operations for Tokyo Electron, U.S. Holdings

"Businesses that are concerned with compliance mandates and ensuring the security and integrity of their IT systems cannot afford 12 to 18 month deployments. With IdentityIQ, organizations can gain immediate payback from automating key governance processes to better address business risk."

Kevin Cunningham, Co-Founder and President, SailPoint

"As a publicly-traded company and financial services provider, we are subject to a variety of regulations including FISMA, SOX, PCI, and SAS 70. To meet these requirements, we are standardizing and automating our compliance processes for identity management, so that we can centrally control who gets access to sensitive resources and maintain compliance as the organization changes over time. This centralized and automated approach allows us to proactively address risk and more efficiently maintain a compliant, secure environment."

Jerry Archer, Chief Security Officer, Sallie Mae
Bookmark and Share

New Auditor Survey Confirms Poor Communication, Inefficiencies Cripple IT Compliance Efforts

Risk-Based Approach Widely Viewed as Key to Gaining Control of Access to Critical Systems and Data

TRAVERSE CITY, Mich. and AUSTIN, Texas, August 6, 2007 – New research from the Ponemon Institute reveals that, despite the importance internal auditors and corporate compliance professionals place on ensuring proper access to systems and data – 70 percent of respondents say it is critical to IT compliance – the majority report inadequacies in current practice. Eighty-two percent say a risk-based approach would be more effective.

"Audit and compliance professionals are clearly struggling to gain control over issues at the heart of IT compliance, knowing who has access to what in your organization," said Larry Ponemon, chairman and founder, Ponemon Institute. "They must do an incredibly complex and important job the hard way – manually and reactively – and they know it. Almost all would prefer to focus their efforts on the areas of greatest business risk, but they need help getting there."

Commissioned by SailPoint Technologies, the survey, entitled Audit & Compliance Professionals: Survey on Identity Compliance, examines the views of auditors and corporate compliance staff on the state of compliance practices that focus on ensuring proper access to systems and data. Findings from analysis of 845 responses point to a number of inadequacies including:

  • Reliance on Manual Processes – Audit and compliance staff rely on manual efforts to manage compliance processes. Fifty-eight percent manually monitor and test controls on user permissions and activities, depending almost exclusively on reports generated by others rather than software tools (90 percent).
  • Lack of Centralized Control – Organizations have not established clear ownership of compliance oversight or processes around reporting on and monitoring user access to critical systems and data, with a wide majority conducting compliance efforts in a decentralized fashion at the application or department level (86 percent). Fragmentation of the data and distribution of responsibility among many groups are cited as the top two barriers to automating compliance.
  • Poor Communication and Collaboration – Audit and compliance staff report little to no collaboration with departments who share responsibility for IT compliance (61 percent), citing a poor understanding of risk management and compliance among other departments as the key barrier (65 percent).
  • Inattention to Business Risk – Asked if their organizations focus their compliance resources or efforts based on risk, half do not think so or are unsure, and the majority report the information necessary to quantify risk is simply not available (58 percent).

The full survey offers a comparative analysis of responses from audit and compliance staff with responses from IT security professionals to an earlier companion survey published by the Ponemon Institute in March 2007, also commissioned by SailPoint. Major points of agreement between the groups are poor collaboration and reliance on manual processes: IT professionals report little to no collaboration with audit and compliance staff (65 percent), citing a lack of technical expertise as the key barrier (42 percent); and 53 percent characterize efforts as manual and labor-intensive. Eightythree percent of IT respondents also say a risk-based approach would be more effective for ensuring proper access to systems and data. Key differences are business drivers – audit/compliance groups seek better control and security (44 percent) while IT groups seeks higher efficiency (40 percent).

"Organizations are achieving compliance by throwing people at the problem, but they don't know where their risks are," said Jackie Gilbert, vice president of marketing and founder of SailPoint. "By taking steps to centralize and automate their efforts, companies can begin to regain control with a sustainable and effective approach that allows them to identify and reduce potential business risks like intellectual property loss, privacy breaches, brand damage and inaccurate financial reporting."

For a copy of the Audit & Compliance Professionals: Survey on Identity Compliance, go to http://www.sailpoint.com/studies/ponemon2. Please visit the Resource Center at http://www.sailpoint.com for a copy of the companion piece Survey on Identity Compliance.

About The Ponemon Institute

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About SailPoint

SailPoint Technologies, Inc. develops software with unique "Identity Intelligence" that helps organizations achieve regulatory compliance, improve internal controls and manage risks associated with the proliferation of enterprise-wide identity data. Founded in December 2005, SailPoint is based in Austin, Texas.