We caught up with Paul Trulove, chief product officer at SailPoint, fresh after his keynote address, The Future of Identity Governance. We thought it would be a good idea to get a little more color on what SailPoint means by SailPoint Predictive Identity, what it means for customers and what it means for the future of identity governance.
You provided a lot of interesting use cases during your keynote about how SailPoint Predictive Identity can help teams more intelligently manage identity. I was hoping you could provide a little more detail about how it reduces risk?
The main way that it reduces risk is by very concretely showing where anomalies exist in an environment. That could be pre-existing access, by calling it out in the context of a certification, such as when a user has anomalous access relative to their peer groups. Or, their access level may be missing the normal access request and approval process. Their access level just showed up one day and had not been granted through the official channel.
These things can be automated and human analysts can focus on the more pressing issues and leave mundane requests to the machine learning algorithm.
When anomalies are detected, we can follow different and appropriate processes. Suppose the system scans an application and finds that a user has access that is highly privileged and highly anomalous for their job function. There’s no reason to wait until the next certification to go review. The team will immediately launch an access certification just for that one person and for that outlier entitlement. They should require that access to be approved for continued access by their manager, and/or by a security officer. If either of those two people says no, that access can be revoked immediately. There’s no reason to let things just sit in the environment and catch them through periodic certifications. It’s a much more dynamic approach to assessments.
So that readers have a better idea of how SailPoint Predictive Identity works in practice, could you describe how it would work in a customer’s environment? How is it gathering input data and making decisions or providing guidance?
From an identity and access management perspective, it is directly reviewing all of the information that’s contained inside of SailPoint IdentityIQ or SailPoint IdentityNow. So today, those two core systems communicate with SailPoint Predictive Identity and we aggregate and analyze the access information in order to get a comprehensive view of everyone’s access. What artificial intelligence and machine learning are doing for us is leveraging intelligence technology to make an assessment on whether access is being held by users correctly or incorrectly. And if it’s incorrectly, SailPoint Predictive Identity can launch processes to bring the access back into alignment with the desired state.
This is all very interesting. In the past, SailPoint has talked a lot about artificial intelligence and machine learning capabilities in the platform. How is SailPoint Predictive Identity moving that conversation forward?
SailPoint Predictive Identity for us is the encapsulation of our vision for the next generation of identity management. So, what we’ve announced at Navigate is not only the vision for SailPoint Predictive Identity but also the latest release of IdentityAI, which has our new recommendation engine feature in it, as well as the IdentityIQ and IdentityNow platform features that take advantage of that recommendation engine in certification campaigns and in access request approvals.
What would SailPoint Predictive Identity look like to a typical identity practitioner in a large enterprise? How would it change their day and how they go about managing identity?
First and foremost, from an administration perspective, it makes it much, much easier to construct the desired state model that you’re using to deliver access to the business. We’ve talked historically about role-based access control. One of the challenges organizations have is building and maintaining a very comprehensive model of all of their roles. One of the major use cases that we’re looking at for SailPoint Predictive Identity is leveraging machine learning to recommend what roles should exist in the enterprise and also recommend when roles need to be updated or changed because either the organization has changed, or the IT environment has changed.
In that context, we’re trying to make a process of creating and maintaining the models much easier and much simpler, and much more cost-effective so that organizations can do a better job of taking advantage of concepts like role-based access control.
There was a lot of talk about “identity fatigue” throughout the first day of Navigate 2019. It’s clear that identity teams are looking for ways to streamline their efforts and minimize the impact of identity management on the work life of their staff. How do today’s announcements help?
I know a lot of identity teams get beat up a little bit by the business from time to time, and that’s about the number of requests that they make for business management and application owners to review access, to certify access, and to approve access. SailPoint Predictive Identity gives them a way to reduce the impact of the identity management system and processes on their business users while also improving the efficiency of the system from the perspective of reducing risk, automating compliance, and ultimately delivering access more efficiently.
This has the ability to be even more valuable in two very distinct ways. One is streamlining the implementation of identity, but also the reduction of how identity impacts the business on a day-to-day basis to cut down on this identity fatigue. One of our customers recently said it really well. They said that their ultimate goal in their identity management program is to really make identity management as invisible as possible to the business. And I think, as identity management has grown in its importance and in its relevance to more organizations, they’ve had to make it a very visible process.
What we’re trying to do with SailPoint Predictive Identity is actually put identity a little bit more under the covers so that it isn’t something that you have to think about, it’s something that is just working. And it only really requires interaction from the business when something doesn’t look right.