Identity and Access Management (IAM) is becoming increasingly important for a number of reasons within large organisations and IT departments.
Identity has grown through a number of innovations over the past few years, with one of the more recent ones being cloud deployments, and the use of machine learning.
We sat down with Paul Trulove, Sailpoint’s Global VP for product management to talk about how his company is approaching IAM, and how machine learning is changing the game.
If you look at it historically, people used to build perimeters that network powered. The idea there was that everything inside the network could be controlled, and as long as organisations could keep people from penetrating the network, they would have control over the applications and data that are important. If you think about the way that organisations work today, the network boundary - while it still exists - has changed and a lot of applications and data live outside the network.
The number of organisations now that are using SaaS services and things like Salesforce, Workday and Microsoft Azure is on the rise. As that perimeter has become more or less more complicated and penetrable, in terms of business necessity you need to still protect access to critical information and data in your business.
You never have a situation where you don’t know who has access to your data, and if someone leaves the organisation or changes roles, you’re very able to quickly update that access to whatever is appropriate. So if an employee terminates, traditionally while you might cut off their network access, that doesn’t necessarily take into account things like their Salesforce access or their Workday account, and IAM gives you control over that.
I think it’s continuing to evolve. We’re at a point right now where more and more customers are actively entertaining the idea of the cloud, but some aren’t ready, so in that case, we give them freedom of choice. Organisations that are boldly embracing the cloud in all capacities are very actively moving to Identity Now as a cloud-based IAM solution, but we still have a very healthy business in the on-prem side of things, and I definitely still expect us to continue to grow steadily in that area.
One thing that we’re starting to see though is that customers are choosing to implement our on-prem solution Identity IQ, but then deploy it in AWS or an Azure type of environment, so that’s an emerging difference that is important. It’s this middle ground where people are starting to put more thought into taking an on-prem solution like Identity IQ but deploying it in the cloud. Those customers get the benefits of a cloud-based data centre environment, but they still have control over the application at a more granular level.
It really comes down to how much customisation they want over the base application. Identity Now is a SaaS-based service and it’s all about configuration. So It's going to give you one of three options on how to deploy an onboarding workflow, but it's not going to give you the ability to customise that on-boarding workflow to every permutation that you might want. With Identity IQ we’re going to give you the toolkit that allows you to basically define any workflow combination you want.
So what customers are generally having to make decisions on how important it is for the solution to be completely configurable to their business processes, or whether they want to take advantage of the pre-packaged nature of SaaS, and the ability to get moving very quickly with less customisation.
It has been overwhelming. We announced it originally in June and it was announced locally (Australia) in July, but customers are already very excited about it. They recognise that the machine learning techniques that you can apply to identity take away the need for human interaction, which allows them to keep pace with the rapid evolution that’s happening day-in and day-out.
A lot of what we’re looking at from a security perspective is becoming more predictive in our threat analysis and identity AI gives us that predictive threat capability. It’s not only looking at what you have access to and who has access but also brings interesting things to the table in terms of matching actions to your peer group.
Identity analytics gives us the power to create peer groups, look at how access maps to an individual vs a peer group and how peer groups relate to one another. As well as this, it also gives us this behavioural capability. If all of a sudden users start requesting access that doesn’t match their peer groups, you can create alerts for security administrators to look at that.
You can also dynamically change the approval workflow to say that their managers are not enough to approve access, and they have to go to a VP or a security ops team for a review. So that preventive model that we can bring in allows us to respond to what is happening in real time.
People often talk about Cloud but things like machine learning and AI are much more important than cloud. Cloud is a deployment method, and it’s hard to say that just because you’re operating as a cloud-based service, you’re fundamentally changing the way identity works.
In terms of the core use cases Identity AI or analytics more generically is going to fundamentally change the how people approach identity. It’s going to allow them to have more visibility than they do today and a better understanding of not only who has access, but also how that access is being used relative to peers on a much deeper level than once possible.
I do think cloud is important because it affords the opportunity for people who may not have been able to internally deploy and manage an identity system to actually go and embrace identity. That’s where I think cloud is going to be very important, as it will bring the technology to people or may not have been able to purchase, deploy and maintain it before.