SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Exclusive: SailPoint ANZ- Firms lack identity security frameworks
Wed, 3rd May 2023

SailPoint, a leader in enterprise identity security, recently unveiled the findings of a new research report analysing the State of Identity in Australia and New Zealand. 

To learn more about SailPoint and its research, Nam Lam, Country Manager for ANZ at SailPoint, sat down and shared his thoughts.

What is SailPoint known for?

SailPoint's most successful and renowned product is its Identity Security Cloud, which it says is the only true, multi-tenant SaaS-architected platform in the market.

The company's multi-tenant SaaS-architected platform stands out as the most effective software deployment approach in the field. This is because it delivers unparalleled cost-effectiveness in terms of total cost of ownership.

SailPoint's competitors, who offer single-tenant cloud solutions, face higher costs to manage individual customer codebases and experience slower updates and innovation rates. SailPoint's solution, in contrast, enables all of its customers to be on the same version, allowing SailPoint to implement frequent updates (upwards of 50-60 per week) without disrupting customer environments.

This means SailPoint can continue to foster rapid innovation and provide a seamless experience for its customers, unlike its competitors.

One key way that SailPoint differentiates itself is by putting identity security at the core of its intelligent, autonomous and integrated business operation solutions.

This makes it easy for modern enterprises to embed identity context across hybrid environments and centrally manage and control access to all data, applications, systems, and cloud infrastructure for all identity types.

Thanks to SailPoint's innovative cloud technology approach, 46% of Fortune 500 companies choose the company as their identity partner. In addition, Sailpoint has been recognised as a leader in The Forrester Wave Identity Management and Governance in Q4 2021 and named the 2021 Customers' Choice for Identity Governance and Administration in Gartner's Voice of the Customer programme, solidifying the company's reputation as a premier provider of identity security in the market. 

"We are the only ones utilising a true multi-tenant SaaS approach to security, offering always-on innovation to organisations. Our vision for autonomous identity is unique in the industry, and our AI/ML technology is backed by data scientists, ensuring genuine AI-driven security," says Nam Lam, Country Manager, ANZ, SailPoint.

"By allowing our platform to do the work, our true cloud SaaS-based approach reduces costs and improves productivity for our clients while continuously providing cutting-edge innovation."

What is SailPoint's newest product or offering?

The company recently introduced the SailPoint Non-Employee Risk Management solution to tackle the growing concern of third-party risks. With third-party breaches costing an average of USD $4.35 million and 63% of organisations lacking visibility into access and permissions for internal and external users, addressing this issue is critical.

SailPoint's Non-Employee Risk Management solution provides full visibility into the access rights of non-employees, such as contractors, suppliers, affiliates, and partners needing access to internal applications or systems. Many organisations lack a centralised repository for these users, leading to manual management and inadequate governance.

With SailPoint Non-Employee Risk Management, user provisioning and de-provisioning is automated, providing operational efficiency and minimising risk by informing exactly which non-employee needs access, why they require it, and when it's appropriate.

Having a single authoritative source for identity and access and intelligent third-party identity lifecycle management allows organisations to account for and manage all identities based on defined relationships, streamline and automate business processes to collect and maintain identity information more collaboratively and efficiently, and achieve audit and compliance easier and faster for all third-party, non-employee identities.

SailPoint's Non-Employee Risk Management solution is particularly important for industries like financial services, telecommunications, higher education, government, healthcare, and energy, as these sectors have large numbers of third-party identities in the workforce.

Does SailPoint utilise artificial intelligence or machine learning?

SailPoint does indeed utilise AI and ML in its business, with all the company's cloud offerings driven by its autonomous identity vision. The SailPoint platform manages the heavy lifting, addressing complex identity processes that go beyond human capacity. 

SailPoint's solutions leverage AI/ML in three core areas:

1. Access Insights: SailPoint analyses historical access behaviour patterns to detect outlier risks across users within an environment and provide contextual insights into their causes. 

2. Recommendations: The company's AI-driven platform automates access reviews, offering regular audits and providing recommendations to approve or deny access requests. Additionally, its platform recommends appropriate application access, streamlining the process based on user profiles. 

3. Role Modelling: AI enhances role-based access control (RBAC) by analysing organisational access patterns. Instead of interviewing every employee, a significant manual undertaking for large organisations, SailPoint's AI synthesises information and recommends roles based on common access rights, creating efficient role models.

With The SailPoint Identity Security Cloud, organisations can get deep visibility with a critical, singular view into all identities and their access rights, including trends, roles, outliers, and relationships, and can automatically modify or terminate access based on changes to a user's attributes or location, and automatically perform remediation actions when risky activity is detected. 

SailPoint's automated solution also enables organisations to easily and securely remove or reinstate access when an employee joins, changes roles or leaves the company, all without any human interaction, which greatly simplifies the onboarding and offboarding process for joiners, movers, and leavers. 

How has COVID-19 impacted SailPoint's customers or solutions?

COVID-19 and hybrid work have indeed impacted both SailPoint's customers and prospective clients. 

With COVID-19 causing the shift to a virtual workforce, enterprises have had to provide access to their employees, contractors, and suppliers no matter where they are while protecting the entire workforce. Therefore, organisations needed a robust identity security solution to manage access policies across the organisation, deliver the required access to users in a timely manner and ensure apps and data stored in the cloud are protected from unauthorised access. 

The SailPoint Identity Security Cloud is a bundle of SaaS capabilities that make it easy to build the right identity security program wherever an organisation is in its identity journey. It combines identity data with the power of AI and ML to drive stronger security and compliance across the entire organisation. 

There are three key differentiating components in the SailPoint Identity Security Cloud suites which make it easy to control user access across all environments, namely:

1. Unmatched Intelligence: AI and ML automate the discovery, management, and control of all user access throughout their digital lifecycle, ensuring each identity has the right access to the right resources to do its job. 

2. Frictionless Automation: The automation streamlines identity processes and decisions, such as access requests, role modelling, and access certifications. It frees employees to focus on innovation, collaboration, and productivity as it continuously analyses the organisation's identity program to spot risky behaviour and easily connect and control access to every system holistically.

3. Comprehensive Integration: The product allows integration of a company's entire digital ecosystem to centrally control access to all data, applications, systems, and cloud infrastructure – no matter how complex the business environment or where it operates.

Given the rise in cyber attacks today due to remote access and stolen credentials, AI and ML give businesses an opportunity to improve their identity security posture and prevent security breach costs as both technologies provide a range of security measures to prevent unauthorised remote access such as using behavioural analysis to identify abnormal behaviour that may indicate a cyber attack, processing large amounts of data to predict cyber threats, and responding to data breaches in real-time by automatically creating defensive patches as soon as an attack is detected.

"As cyber-attacks continue to rise alongside the exponential growth of digitisation and business transformation, the demand for our solutions becomes ever more essential. Our vision of autonomous identity places us at the forefront of the industry and presents a massive upside for our organisation," continues Lam.

What were the key learnings from the State of Identity in Australia and New Zealand report? 

Many organisations expressed confidence in the maturity of their identity security posture, but the report indicates that they often remain immature in execution. Organisations must engage in self-reflection and critically assess their identity posture maturity, as overconfidence can lead to exposure and danger. Enterprises can assess their current identity security capabilities here to understand key areas to address in their identity and access management (IAM) program.

"It is essential to become educated on the value of identity security, as it plays a critical role in addressing cyber-attacks that result from access falling into the wrong hands. By understanding and appreciating the benefits of identity security, organisations will be better prepared to face the challenges where cyber threats continue to grow in parallel to the increasing digitisation of our society," adds Lam.

Although stakeholders acknowledge the importance of identity security, they often struggle to secure the necessary budget for these programmes. This may stem from the perception that such programmes fail or can be expensive if not properly governed or that a business case can be difficult to convey as identity security mostly operates in the background. A lack of awareness and appreciation for the value of identity security can hinder organisations from recognising and addressing exposure risks.

Interestingly, the study found that organisations primarily view identity security as providing non-security-related benefits. The top three expected benefits were improved staff productivity, safer remote working, and streamlined access management. This perspective is eye-opening, as with a modern identity security strategy, organisations can get intelligence and insights to not only control access, ensuring users have the access they need when they need it, but also to spot and mitigate threats and keep up with evolving security risks.

"The report concluded that while there are conflicting trends in identity, there are six key identity governance activities that organisations can take on right now to improve," says Dr. Joseph Sweeney, Advisor, IBRS.

"Of these, the most important is the need to elevate the discussion around identity governance to include cross-functional stakeholders. Rather than positioning identity solely in the realm of cybersecurity, it should be discussed in terms of operational agility and business effectiveness." 

You can find and learn more about SailPoint's full report at the link below.