Governance-based Provisioning: Succeeding Where Legacy Provisioning Failed

A few weeks ago, SailPoint announced CUNA Mutual as a new customer. CUNA Mutual wanted to proactively manage and mitigate risks associated with user access privileges and turned to IdentityIQ for its tightly integrated identity compliance and provisioning capabilities. Here’s a great quote from Brad Job, the director of information security at CUNA Mutual:

SailPoint IdentityIQ was the obvious choice because it delivered identity governance and provisioning capabilities in a single solution. It was also immediately evident that it would be easy for our business managers to use, and provided us insight into the risk associated with user access.

We always enjoy sharing customer success stories, but I find this one particularly exciting, because it highlights three dramatic shifts that we’ve seen in the provisioning market over the past half-decade:

  1. Customers are looking for solutions that tightly integrate the functions of identity compliance (capabilities including user access certifications, policy enforcement, and risk analysis) with provisioning activities;
  2. Customers need a solution that is business friendly – that is, allows non-technical users to participate in IdM processes; and
  3. Customers demand fast time-to-value from their provisioning projects (a historical weak point for first generation provisioning solutions).

A core tenet of SailPoint’s next-generation approach to identity management is that identity compliance and provisioning need to operate hand-in-glove to provide coordinated preventive and detective controls. To do this both effectively and efficiently, they must leverage a single identity warehouse, a single role model, and a single policy catalog. To do so otherwise requires a burdensome amount of coordination and synchronization of different internal repositories, rules, roles, and models between product components – which is a time-consuming and expensive deployment exercise, as well as an operations headache. As a case in point, because IdentityIQ’s compliance and provisioning components are architected on a single governance platform and identity warehouse, CUNA Mutual was able to streamline their deployment and leverage a single role model and SoD policy model across both access certification and provisioning activities.

Slowly but surely, we’re hearing the growing recognition that the basic requirements for user provisioning have shifted dramatically with respect to ease of use. At the Gartner IAM Summit in London in March, one of the Gartner analysts echoed this trend by pointing out that:

Today’s IAM buyers expect ease of use, well-designed interfaces, wizard-driven setup, mobile-ready interfaces, and quick and predictable deployments. You are not likely to get this from traditional provisioning vendors … Vendors like SailPoint who are not even on the [2010 User Provisioning] Magic Quadrant can be a perfect fit for your needs.

These are exactly the requirements that customers have been communicating to us for years, and it’s what SailPoint is delivering to the market. We have invested heavily in developing business-friendly user interfaces (designed for non-technical users) that provide meaningful context to identity data – something no legacy provisioning solution can claim. IdentityIQ’s user interfaces are intuitive and make it easy for line of business managers to work hand-in-hand with IT and compliance personnel in minimizing risk and providing higher levels of service. This was an important consideration to CUNA Mutual, who knew that enabling non-technical users from their business entities and external partners with minimal training was key to the successful rollout of the solution.

Lastly, I think it is interesting to note that CUNA Mutual was up in production with SailPoint’s compliance and provisioning solution less than six months after we announced the availability of our provisioning capabilities. This demonstrates just how much we have learned since first-generation provisioning products about architecting solutions that provide fast time to value to customers. Reducing workflow complexity, providing a flexible role model, and taking an agnostic approach to last-mile resource connectivity are just a few of the innovations that SailPoint has built into our products that allow for these significant gains in time-to-value.

We realize that our perspectives and approaches to provisioning are new to some in the market. And while most everyone agrees that legacy provisioning solutions are not designed to meet today’s new IdM requirements, change always takes time. We knew our governance-based approach would help simplify implementation and deliver results much more quickly. And as we were able to report with CUNA Mutual, we were right!