Identity Gets Smart

SailPoint CEO Interviewed for StartUp City

Mark McClain, CEO & Founder opens up to InformationWeek about identity governance. Watch the video »

Identity Governance Buyer's Guide - 2nd Edition

Identity Governance Buyer's GuideContains tools to help you identify your priorities, conduct side-by-side product analysis and find a solution that suits your needs. Download the Guide »

Streamline Compliance

Streamline ComplianceLearn how SailPoint makes compliance more effective and sustainable.

Download the Compliance Manager data sheet »

Deliver Convenient Access

Access Request Manager Data SheetLearn how SailPoint keeps pace with access change.

Download the Lifecycle Manager data sheet »

Get the Big Picture

Get the Big PictureSee exactly how SailPoint IdentityIQ works.

Download the SailPoint IdentityIQ brochure »

Align Access with Business

Align Access with BusinessLearn how SailPoint strengthens identity governance.

Download the Role Manager data sheet »

Apply Best Practices

Apply Best PracticesLearn how to plan ahead for successful role management.

Download the White Paper: Practical Role Management »

Manage Identity Data

Manage Identity DataLearn how to improve visibility and transparency.

Download the Identity Intelligence data sheet »

Manage Compliance

Manage ComplianceLearn how Identity Governance helps meet compliance requirements.

Download the white paper »

Succeed with SailPoint

Don't take our word for it, see what others are saying.

Stay Connected

Subscribe to our quarterly newsletter.

Subscribe »


Get the latest news and views with SailPoint's podcast series, "The Identity Intelligence Insider"

Listen »  |  Subscribe »

Media Contacts

Kari Hanson
pr@sailpoint.com
phone: 978-373-4003


Michelle Dillon
Beaupre & Co. Public Relations
mdillon@beaupre.com
phone: 603-559-5835

Choose Wisely

SailPoint's innovative approach is getting noticed. Don't take our word for it, see what others are saying.

Subscribe

SailPoint's Identity Intelligence Insider is a monthly podcast series on hot topics in identity risk management.

Listen »

CONTACT US

Hours
8:00AM - 6:00PM CST
Monday through Friday excluding holidays

Email
support@sailpoint.com

Phone
(888) 4SAILPT
(888) 472-4578

Schedule a Demo

Schedule a DemoSee IdentityIQ in action, request a one-on-one demo today.

"By using roles to request, approve and certify user access privileges, BNSF will be able to simplify its user administration and compliance processes. SailPoint IdentityIQ will allow us to enforce and verify role-based access across our critical enterprise applications using a streamlined, automated approach."

Bart Boudreaux, Director, Technology Services, BNSF Railway

"SailPoint helps us define the connection between user access, financial control and intellectual property protection. Their risk-aware approach focuses on the relative risks associated with user access within our business."

Russ Finney, Vice President of U.S. Information Systems operations for Tokyo Electron, U.S. Holdings

"Businesses that are concerned with compliance mandates and ensuring the security and integrity of their IT systems cannot afford 12 to 18 month deployments. With IdentityIQ, organizations can gain immediate payback from automating key governance processes to better address business risk."

Kevin Cunningham, Co-Founder and President, SailPoint

"As a publicly-traded company and financial services provider, we are subject to a variety of regulations including FISMA, SOX, PCI, and SAS 70. To meet these requirements, we are standardizing and automating our compliance processes for identity management, so that we can centrally control who gets access to sensitive resources and maintain compliance as the organization changes over time. This centralized and automated approach allows us to proactively address risk and more efficiently maintain a compliant, secure environment."

Jerry Archer, Chief Security Officer, Sallie Mae
Bookmark and Share

Are Common Access Control Failures to Blame in Société Générale Loss?

IT and Identity Risk Experts Provide Analysis, Examine Potential Missteps and Offer Lessons on Using Identity and Access Data to Better Manage Risk in New Podcast

As investigators sort out whether rogue trader Jerome Kerviel acted alone as alleged or with the knowledge of Société Générale senior officials as some have speculated, a debate is emerging in IT circles asking if the massive fraud owes more to the collapse of financial controls or to the controls that govern information technology systems and the data they house. The extent to which access control exposures may have played a part in the fraud is the subject of a new podcast released today from SailPoint Technologies, Inc. and Enterprise Management Associates.

"Avoiding a Billion Dollar Blind Spot: What Organizations Can Learn about Their Risk Posture from Identity and Access Data" offers constructive insight into the reported allegations in the Société Générale fraud. The scheme is the latest and most damaging in a series of headline-grabbing incidents – many involving access control failures – that have escalated in frequency and impact in recent years. Hosts Scott Crawford, Research Director and Practice Manager in the Security and Risk Management Practice at Enterprise Management Associates and identity risk expert Mark McClain, CEO and founder of SailPoint Technologies, examine the serious questions such losses raise about the state of governance and risk management in the world's largest enterprises.

"What's becoming all too clear is that companies don't have a sufficient understanding of where their risks are," observed Crawford, an expert on IT risk management. "As the facts come to light on this case and companies begin to examine what they can learn from the incident, I think we'll find that business controls remain vulnerable to subversion by users like Kerviel without an effective IT risk management strategy in place."

Following an examination of the case, Crawford and McClain outline five basic issues and related exposures that can contribute to a control failure and offer practical guidance for preventing similar incidents.

"The tendency is to view this case as exceptional, and the lion's share of press articles focus on whether Kerviel could have succeeded in circumventing financial and trading controls acting alone," said McClain. "There's an equally important story here to tell about IT risk controls that in our experience is all too common – it's an instructive case for all companies that outlines the need for IT controls to supplement business controls and validates the importance of user identities as a point of IT control in the enterprise."

Episode 8 of The Identity Intelligence Insider, "Avoiding a Billion Dollar Blind Spot: What Organizations Can Learn about Their Risk Posture from Identity and Access Data" is available at no charge from SailPoint Technologies at http://sailpoint.libsyn.com/index.php?post_id=309182 where listeners can also access previous episodes in the SailPoint podcast series. To view and download a detailed graphical timeline that indicates where key events may have alerted Société Générale to potential access and IT control exposures along the dangerous path Jerome Kerviel reportedly followed during his tenure, go to www.sailpoint.com/news/files/kerviel.pdf.

SailPoint's analysis suggests potential exposures that may have occurred based on allegations reported to date and should not be considered conclusive. For selected relevant news articles and sources, go to http://del.icio.us/billiondollarblindspot.

About SailPoint

SailPoint Technologies, Inc. develops identity risk management software that helps organizations gain control over user access to critical systems and data, streamline costly IT compliance processes and reduce the risks of fraud, corporate data loss or theft and failed audits. Founded in December 2005, SailPoint is based in Austin, Texas.