SailPoint’s Chief Product Officer, Paul Trulove, shares his insights on the importance of cloud governance.
Hannah Giles: Hello everyone. Welcome to another edition of Identity Talks, and I’m so excited about this conversation today. We’re joined by SailPoint’s Chief Product Officer, Paul Trulove. Paul, welcome.
Paul Trulove: Thank you. Glad to be here.
Hannah Giles: So I have a few questions for you. We’re going to be talking about cloud governance and really let’s start with kind of the basics. Why is governing access to cloud platforms becoming such an important area of focus for identity management teams?
Paul Trulove: It’s a great question. The reality is, as more and more companies move more and more of their assets out into the cloud from an IT perspective. So whether it’s computer environment, storage environments, you know, those kinds of things. They should ultimately be applying the same basic identity controls to those assets, the same way that they’ve done, you know, for a long time to their data center resources as well.
But the unfortunate reality is many organizations haven’t actually extended their identity programming in this area. And so, you know, what has resulted is all of those new applications and other cloud workloads that are sitting out there in identity, or not identity but infrastructure as a service platforms like AWS, Azure, Google Cloud, are relatively unprotected from an Identity and Access Management perspective, relative to their on prem assets. And so what we’re finding is more and more organizations are coming around to this realization that governing access to their cloud platforms is just as critical and in some cases even more critical, especially as they put not only sensitive data but highly regulated data out into these large cloud platforms.
Hannah Giles: Interesting. So would you say that there, it’s more challenging? And if it is what makes it more challenging than say governing access to traditional on premises applications?
Paul Trulove: Yeah, I would argue that in a lot of ways it is more challenging. You know, first and foremost, and in some ways, the stakes are higher. So a lot of organizations, including some that I’ve talked to just as recently as the last few weeks, still use their network as a backstop to Identity and Access Management processes. So, you know, like I terminate a user and I cut their network access, you know, they can’t actually get access to applications that I’m running, you know, in my data center. If I’m doing a good job, you know, with a basic network perimeter, you know, I can probably keep the bad guys out of my on prem resources.
The problem is, as you move out to the cloud, then that network perimeter goes away, for all intents and purposes. So, you know, if you have a poor identity governance approach to your cloud resources you’re really putting your organization at significant risk of breach and honestly, we’ve seen some of these pop up recently. We talked about different Amazon S3 buckets that have been open to the internet that house some relatively important data.
The other thing that makes it more challenging is that non-human access is a much bigger part of the way that a cloud application is architected. So, you tend to have a lot of machine to machine accounts, that access is very pervasive, and ultimately that can be used for malicious purposes. So it’s not just about knowing who has access, but you also have to know about what has access, and the reality is most identity management platforms, especially the legacy ones, just don’t do a good job in that area of visibility and control over cloud resources.
Hannah Giles: Interesting. So then I guess let’s bring this full circle. How do identity governance solutions in particular, how do those help, not just, you know, from some of these points that you’ve already made, that security efficiency, like, what are all the things that identity governance does?
Paul Trulove: You know, honestly, it’s very similar to what we’ve been talking about for the past decade or so, you know, as it relates to just good identity governance. So you should know who has access to what in those systems, but also what has access to what. You’ve got to apply good security and compliance controls to make sure that the right users, your humans and your non-human, actually have the access that they need and only what they need. But you also need to look at how that access is being used on a day to day basis and make sure that the access is actually being used in an appropriate way.
The challenge is that, you know, all of these things at the scale of cloud are very complex. So the number of identities, especially the machine identities, the number of entitlements and different policies, that dynamic nature of that access makes this a much more challenging problem to solve.
And this is really where SailPoint’s new cloud governance solutions allow us to leverage some key technologies, AI and machine learning, that go in and quickly assess the state of identity governance in these cloud platforms and then ultimately allow us to begin to put the same types of identity controls in place that you would have in a traditional on premises application and infrastructure environment.
Hannah Giles: Wow, that’s a lot to think about, but everybody’s head’s kind of in the clouds these days. So that’s great information and we look forward to hearing more on this from you soon. And thank you so much for joining us today.