Today during the Gartner Information Security Summit, SailPoint participated in a very interesting program put together by Gartner called the CISO Boardroom – an invitation-only forum designed to help CISOs and CSOs explore key IT security issues and strategies with their peers.
We participated in a round table discussion where a vice president of enterprise security at a national bank presented a case study on how the bank is using SailPoint to solve its identity governance challenges (I don’t have permission to name the customer, so I’ll refer to him as “Charlie Iso”). This was a great opportunity for other CISOs to hear firsthand from one of their peers who is successfully managing IT access controls for security and compliance, while proactively mitigating IT risks associated with access privileges.
Based on his experience, Charlie shared the following pieces of advice:
- Establish an accurate baseline of identity data before initiating governance processes like access certification and role management. For the bank, this involved aggregating and correlating data from 20 different applications in phase 1, with a planned expansion to over 100 applications.
- Recognize the need to provide business friendly data and tools to managers performing certifications. In order to share accountability between IT and business managers for access certifications, Charlie and the IT organization had to ensure those managers understood what they were approving from a business perspective.
- Don’t let previous technology investments limit the scope of your governance program. To provide transparency and oversight over all the bank’s systems at risk (over 100 applications), it was necessary for the bank to look beyond its provisioning solution to a specialized identity governance solution.
The session was very interactive, with the room asking for additional details about application priorities, project staffing, timing, and data integration challenges. I think the audience appreciated the peer-to-peer discussion, and many left with actionable advice. For those of you who didn’t attend, the SailPoint Buyer’s Guide captures best practices from our customers on many of the topics Charlie addressed.