SailPoint was thrilled to be at this year’s CyberArk Impact user conference. As one of our most strategic and aligned technology partners, it was exciting to meet and talk with so many CyberArk customers, partners and employees and discuss the benefits of our combined identity governance and privileged access security solutions.
Privileged Access Security was of course one of the key topics at this year’s event, and rightly so in that it offers a gateway to an organization’s high-value digital assets and represents the “keys to the IT kingdom.” This is not a surprising revelation, of course, based on Forrester’s estimate that 80% of security breaches involve privileged credentials.
Many organizations that we spoke to understand the value of deploying comprehensive identity governance and privileged access security, but many deploy these programs as two separate systems. This siloed approach to managing who has access to what does more than leave dangerous security gaps and blind spots; it can result in no centralized visibility on users, loss of productivity, and require more IT resources. Addressing these security gaps by integrating CyberArk Privileged Access Security Solution with SailPoint identity governance, organizations can centrally manage and control access for all identities, privileged and non-privileged accounts alike.
One of the great sessions from the event was the “Security is a Team Sport” executive panel session that included CyberArk, ForeScout, Okta and SailPoint. The theme of this session was, of course, the benefits of a unified and integrated security approach.
Today’s security and compliance environment is rapidly changing, presenting new challenges to that no single solution or vendor alone can fully address. That’s why security needs to be a “team game” and organizations have a vested interest in creating a powerful ecosystem of partners that can provide holistic, tailored solutions to meet their evolving security needs—today and tomorrow.
I’ve always subscribed to the notion that security must be a layered, multi-faceted approach. To stick with this team sports analogy, a standard American football defensive strategy and formation is what’s called a 4-3 defensive. It uses four defensive linemen, three linebackers, two cornerbacks, and two safeties. (Not to get into too much detail on football defensive strategies, but don’t get me started, as the season is just 46 days away. But hey, who’s counting?) This football defensive approach has been in place for years, using multiple layers and lines of defense, all working cohesively together, all looking to integrate with a unified view and approach.
Cybersecurity must use this same integrated and layered approach with all the security solutions working cohesively together. There must be a layered approach to security from the entry or access point including Single Sign-on and MFA to the governing of the digital identities once they are on the network ensuring that the right users are accessing the appropriate apps and data and of course must include privileged accounts in a centralized view as well.
One of the discussion points from the panel was how the bad guys are getting smarter in their approaches so, therefore, an adaptive, more capable, policy-driven approach is critical. If the goal is to protect and secure the organization, users and data, all the solutions need to be better integrated and aligned.
This unified, eco-system approach is at the forefront of SailPoint’s open identity platform which enables enterprise organizations to put identity governance at the center of their security and IT operations. This identity ecosystem enables organizations to holistically integrate their entire security and IT infrastructure to become identity aware. By opening the identity governance platform, enterprises now have access to actionable, accurate identity data that can be combined with, or acted upon by other critical security technologies. An identity-aware infrastructure is essential for today’s enterprise that must proactively address security risks and compliance needs, while still effectively meeting the strategic needs of the business.
By creating this best-in-class security integration, enterprises can ensure that key identity functions are secure and automated, authorization policies are enforced, and privileged and non-privileged user access activity is documented and compliant.
Only by working together, these integrated solutions provide enterprises today a true security win!