SailPoint Technologies, Inc. today released Compliance IQ 2.0, the latest version of the company’s breakthrough identity risk management software that reduces the complexity, costs and risks associated with controlling and managing user access to sensitive applications and data. With new risk management features and tools to help IT and business managers collaborate on managing risks associated with user access, Version 2.0 accelerates organizations’ ability to put in place proactive risk management practices while tackling the practical issues associated with identity and access compliance.
In spite of billions in compliance spending by public and private enterprises across industries, breaches involving insiders who expose consumer data, intellectual property and government intelligence have dominated headlines in recent months. The frequency of these breaches indicates the extent to which enterprises are struggling to secure user access to information and applications within the organization.
“When a typical large enterprise has tens of thousands of users and thousands of applications, basic identity audit and compliance tasks like certifying which users have access to critical applications and data are monumental,” said Lori Rowland, Burton Group. “Organizations that master these tactical matters are poised to tackle the next big challenge and opportunity for most enterprises – collaborating with business managers to determine acceptable levels of risk for users and IT resources.”
SailPoint Compliance IQ
Compliance IQ helps organizations achieve and demonstrate strong, consistent control over user access to critical systems and data in an automated and sustainable way. By providing rich, multi-dimensional views of identity data, Compliance IQ enables enterprises to understand what systems and data their users can access; determine if users’ access aligns with their job functions and with corporate and regulatory policies; automate certification of users’ access; and assess the relative risk each user’s access represents to the business. Compliance IQ capabilities include risk modeling and analytics, user access certifications, role management, automated policy enforcement and user activity monitoring.
Making Risk Management Attainable
The extended risk model in Compliance IQ 2.0 helps enterprises – no matter what level of identity governance maturity they have achieved – focus access controls and monitoring according to business risk.
- Rapid Risk Modeling: The product’s graphical risk configuration templates enable quick and easy definition and customization of the factors that contribute to identity risk. Once the risk model is configured, organizations can begin compiling risk metrics to improve the effectiveness of controls and ultimately the security of the business
- Resource-Level Risk Management: Unique to Compliance IQ 2.0, resource-level risk management measures the risk levels of corporate IT resources – applications, databases and file shares – allowing application and data owners to measure asset risk and proactively address it with improved controls. Like the risk scores Compliance IQ assigns to user identities, Version 2.0 now also gives risk scores to IT assets based on attributes such as number of orphaned, dormant, service-level or super-user accounts; high risk users with access; and policy violations detected.
- Risk Advisor: The new risk advisor feature strengthens IT controls by proactively alerting business managers and application owners to changes in identity and resource risk scores and providing mitigation or remediation advice, e.g., removing access privileges, performing an on-demand access certification for a user, or initiating activity monitoring for a user or a group of users.
- Extensible Risk Model: Compliance IQ 2.0 allows organizations to extend the identity and resource risk models by incorporating new, customizable factors into risk calculations. For example, Compliance IQ can integrate with corporate directories or human resource systems to factor attributes such as geographic location or temporary worker status into the risk score for a given user.
“Our risk-based approach to compliance and governance has been extremely well received by the market,” said SailPoint CEO Mark McClain. “We will continue investing in next-generation technology to bring identity risk management into the mainstream as a core IT discipline. With Compliance IQ 2.0, we want to help our customers see risk management as something that’s possible today rather than some far-off vision for the future.”
Simplifying Compliance and Providing Business Context
New features in Compliance IQ 2.0 make it easier for companies to manage identity audit and compliance with richer business context, making technical data more understandable to executives and business users performing compliance oversight.
- Collaborative Role Definition: New to Compliance IQ 2.0 is the unique ability for business managers to define new roles while certifying access privileges – a feature that allows organizations to adjust roles as the business evolves and to accomplish role definition incrementally. With this capability, Compliance IQ broadens its comprehensive range of options for creating business roles, including directed role mining, undirected role mining and role modeling.
- Business Context for Entitlements: In the same way business roles define collections of IT privileges in meaningful business terms, Version 2.0 introduces the ability to assign business friendly descriptors to entitlements being managed by Compliance IQ. These descriptors ease the process of access certification for business users while ensuring greater reliability and accuracy.
- Role Lifecycle Management: The solution’s role lifecycle management features provide easy-to-use workflow for approving roles once they are created or modified and to review and verify roles on a periodic basis, ensuring business roles remain accurate. New what-if analysis allows role approvers to see how proposed changes will impact users before changes are implemented.