AUSTIN, March 12, 2021 – SailPoint Technologies Holdings, Inc. (NYSE: SAIL), the leader in identity security for the cloud enterprise, today announced its intent to acquire ERP Maestro, a SaaS governance, risk and compliance (GRC) solution. With ERP Maestro, SailPoint will unite identity security with ERP Maestro’s Separation-of-Duty (SoD) controls monitoring for an organization’s most critical applications, like SAP. This will provide the integrated approach for effective identity security controls and SoD oversight now required to spot and stop risks posed by potential insider SoD conflicts before they become a crisis of fraud or breach of sensitive data.

“With today’s threat landscape, organizations are challenged with ensuring proper governance and compliance over their most sensitive systems and data. It is important to ensure that these systems are only accessed by the right people, at the right time. People who need access to critical applications and systems to keep the business running are especially at risk as they hold the keys to sensitive data,” said Grady Summers, SailPoint’s EVP of Products. “For example, in the case of a critical application like ERP, providing the right access—while ensuring access privileges also don’t conflict—is paramount to reducing access risk brought on by overlapping access privileges to these systems.”

Until now, companies have typically managed SoD monitoring in a silo, rather than taking a tightly-integrated approach to ensure no conflict of access or over-permissioned access was occurring. The ERP Maestro platform provides both a granular view of access risk and potential SoD conflicts, plus a comprehensive view of the overall risks by usage and risk-levels, thereby improving compliance and reducing the burden of financial audits while enforcing tighter security measures. With ERP Maestro’s capabilities, SailPoint’s Identity Platform will soon provide the unified view and real-time, actionable, and business-focused intelligence that organizations need to analyze logical access to critical business systems and then to identify potential areas of SoD conflict before access is ever granted. This pairing will also provide organizations with a compliant, automated process to grant temporary elevated access to users without adding unnecessary risk.

“ERP Maestro’s flexible and extensible approach allows for agile, automated and robust monitoring of an organizations’ most complex business critical systems. Extending identity security to include rich SoD controls monitoring will give SailPoint customers the chance to operate on a least privilege basis, providing only the necessary, appropriate system access and shutting down potential areas of SoD violations,” said Summers. “This is the next generation of identity security that today’s business needs to get the full picture of access across the workforce for all data and systems, with tightly integrated governance and compliance for business-critical systems.”

Forward-Looking Statements

This press release contains “forward-looking statements” within the meaning of the federal securities laws, including regarding our strategy, integration of the acquisition, future operations, prospects, plans and objectives of management. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “will be,” “will likely result,” “should,” “expects,” “plans,” “anticipates,” “could,” “would,” “foresees,” “intends,” “target,” “projects,” “contemplates,” “believes,” “estimates,” “predicts,” “potential” or “continue” or the negative of these words or other similar terms or expressions that concern our expectations, strategy, plans or intentions. These statements are based on management’s current expectations, assumptions and beliefs concerning future developments and their potential effect on us, which are inherently subject to uncertainties, risks and changes in circumstances that are difficult to predict. Our expectations expressed or implied in these forward-looking statements may not turn out to be correct. Important factors, some of which are beyond our control, that could cause actual results to differ materially from our historical results or those expressed or implied by these forward-looking statements include the following: the scope, duration and severity of the novel coronavirus disease (“COVID-19”) global pandemic and its effect on the global economy and on our business; our ability to achieve and sustain profitability; our ability to sustain historical growth rates; our ability to attract and retain customers and to deepen our relationships with existing customers; an increased focus in our business from selling licenses to selling subscriptions; breaches in our security, cyber-attacks or other cyber-risks; interruptions with the delivery of our SaaS solutions or third-party cloud-based systems that we use in our operations; our ability to compete successfully against current and future competitors; the length and unpredictable nature of our sales cycle; delayed effects on our operating results from ratably recognizing some of our revenue; fluctuations in our quarterly results; our ability to maintain successful relationships with our channel partners; the increasing complexity of our operations; real or perceived errors, failures or disruptions in our platform or solutions; our ability to adapt and respond to rapidly changing technology, industry standards, regulations or customer needs, requirements or preferences; our ability to comply with our privacy policy or related legal or regulatory requirements; our ability to successfully identify, acquire and integrate companies and assets; our ability to maintain high-quality customer satisfaction; and our ability to maintain and enhance our brand or reputation as an industry leader. These and other important risk factors could cause actual results to vary from expectations and are described more fully in our reports and other documents filed with the Securities and Exchange Commission (“the SEC”), including the detailed factors discussed under “Part I, Item 1A. Risk Factors” in our Annual Report on Form 10-K for the year ended December 31, 2020, which was filed with the SEC on February 26 2021. Moreover, we operate in a very competitive and rapidly changing environment. New risks and uncertainties emerge from time to time and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements contained in this press release. We cannot assure you that the events and circumstances reflected in the forward-looking statements will be achieved or occur, and actual results, events or circumstances could differ materially from those described in the forward-looking statements.

Any forward-looking statement speaks only as of the date as of which such statement is made, and, except as required by law, we undertake no obligation to update or revise publicly any forward-looking statements, whether because of new information, future events, or otherwise.

About SailPoint 
SailPoint is the leader in identity security for the cloud enterprise. We’re committed to protecting businesses from the inherent risk that comes with providing technology access across today’s diverse and remote workforce. Our identity security solutions secure and enable thousands of companies worldwide, giving our customers unmatched visibility into the entirety of their digital workforce, and ensuring that each worker has the right access to do their job – no more, no less. With SailPoint as foundational to the security of their business, our customers can provision access with confidence, protect business assets at scale and ensure compliance with certainty. 

# # # 

Investor Relations
ICR for SailPoint
Brian Denyeau, 512-664-8916
investor@sailpoint.com

Media Inquiries

Jessica Sutera, 978-278-5411 
Jessica.Sutera@sailpoint.com