By Matt Mills, President, SailPoint
When SailPoint was founded nearly 20 years ago, the identity security space looked a lot different than it does today. That shouldn’t come as a surprise—identity security is hardly the only thing that has changed significantly over the past two decades. Still, it’s fascinating to consider how far identity security has come in such a short period of time, and how integral identities are to both the enablement and security of today’s enterprise. While identities play an increasingly important role in business enablement, the modern threat landscape is more dynamic than ever, and attackers are constantly identifying new ways to compromise and exploit vulnerable identities. It’s vital that both identity providers and their customers keep a keen eye on the future, anticipating the threats, trends, and challenges that next-gen identity security will need to address.
Investing in Innovation from the Beginning
There may be no market where strategic foresight has been more important than identity security. It’s amazing to look back and consider that SailPoint’s very first identity offering was a solution that allowed organizations to determine whether access was aligned with compliance requirements. Back in those days, most digital identities were user accounts, and provisioning their access needs within a given environment was something that could still be accomplished manually. Even then, it was clear that identity security needs would become more complex with time, and we quickly added the ability to provision and de-provision access in ways designed to not just boost compliance goals but improve productivity as well. At a time when the identity security market was still in its relative infancy, it was a bold move—but one that paid off. It underscored the importance of thinking ahead about what might come next.
The growth of identities saw the emergence of nonhuman identities, including servers, devices, cloud applications, and more. By now, they vastly outnumber human identities. Early investment in artificial intelligence (AI) capabilities was critical for identity providers as identities went from something that could be managed by a diligent employee with a spreadsheet to something far more expansive. Today’s enterprises often manage identities numbering in the hundreds of thousands, to multi-millions, far beyond what human beings can be expected to manage—and that doesn’t even begin to touch on application access, entitlements, or data. When you zoom out to see the full picture, you’re looking at upwards of billions of risk points. SailPoint’s early investments in AI and automation allowed us to keep our customers equipped with the tools necessary to manage both human and nonhuman identities, even amid that exponential growth. We first incorporated AI, machine learning, and deep analytics into our solutions all the way back in 2017, and that foresight helped blaze a new trail for the industry as a whole.
Embracing a More Unified Future
Transformative as they were when they first emerged, AI and automation are now table stakes. At SailPoint, when considering what the next generation of identity security will look like, a word that consistently arises is “Unified.” Today’s identity security market often appears fractured and disjointed. Why are employee entitlements managed separately from non-employee entitlements? Why are “access” and “privileged access” provisioned differently? Why are cloud-based accounts managed differently from software-as-a-service (SaaS) accounts? Today’s identity security space is filled with siloed solutions—and while many of them are no doubt effective, modern enterprises require a more autonomous, integrated, and unified approach.
This eye toward a more unified future has informed many of SailPoint’s strategic decisions over the past year. The growth of contract work and increasing popularity of SaaS vendors has made securing non-employee identities a major priority for today’s organizations, but too many still rely on specialized solutions. Our acquisition of SecZetta earlier this year was an important step toward changing that—by incorporating market-leading non-employee identity security capabilities into our existing identity security solutions, we are now able to offer organizations a more comprehensive way to visualize, provision, and secure their digital identities—whether they are employees, contract workers, vendors, or other third parties. As third-party breaches continue to make headlines across every industry, organizations are looking for a more straightforward way to manage their vendors and partners, and more are asking why employee and non-employee identities should be managed separately. The answer? They shouldn’t.
SailPoint’s unified approach to next-gen identity security also means breaking down the silos that are traditionally privileged access management (PAM) and uniting visibility regardless of how sensitive (or not) an identity’s access is. For over two decades, the concept of “privileged” access has been a very static and specialized discipline, with separate tools to see access needs for those with privileged or sensitive access vs. those with regular access. At SailPoint, we see PAM as an extension of existing identity management and control systems. Sorting through multiple, disparate systems to obtain visibility into both regular and sensitive access is neither efficient nor scalable in today’s environments. The need for a more holistic approach that addresses and manages risk across the entire spectrum of access needs is what drove SailPoint’s recent acquisition of Osirium. The ability to provide organizations with both visibility and real-time control over how their identities are interacting with data and applications is long overdue and we believe will help drive the identity security market forward in a more unified way. Bringing all of these capabilities under a single platform umbrella, a unified data model, will allow businesses to manage their identities in a more streamlined way, improving efficiency and driving better security and business outcomes.
Defining the Next Generation of Identity Security
No company can claim to have perfect knowledge of the future, but SailPoint has made strategic bets over the years— paying off handsomely towards accelerating our next generation vision. We were early believers in the business potential of identity management and security, and we made significant investments in AI and automation long before the industry recognized how essential they would become. SailPoint has a track record of zigging when the rest of the industry zags—and while that has raised the occasional eyebrow, it has also allowed us to effectively anticipate the needs of our customers and continue to provide an industry-leading approach to identity security.
The next generation of identity security will be defined by its unified approach. It will ensure that enterprises have a trusted technology ecosystem, one that allows the business to flourish as quickly and seamlessly as possible. Next-gen identity security should ultimately equip every enterprise to effortlessly manage and secure their identities at any speed, at any scale. The outcome? Businesses that can compete fiercely, grow and evolve at any pace, and drive business acceleration that enables every identity to do their best work, securely, efficiently with peace of mind. This is how we define next-gen identity security at SailPoint.
SailPoint equips every enterprise to effortlessly manage and secure their identities – at any scale, at any speed. Learn more at SailPoint.com