Dec 7 -- SailPoint Technologies Inc. released Wednesday Compliance IQ 2.0, the latest version of its identity risk management software that reduces the complexity, costs and risks associated with controlling and managing user access to sensitive applications and data.
With new risk management features and tools to help IT and business managers collaborate on managing risks associated with user access, Version 2.0 accelerates organizations' ability to put in place proactive risk management practices, while tackling the practical issues associated with identity and access compliance, SailPoint said.
In spite of billions in compliance spending by public and private enterprises across industries, breaches involving insiders who expose consumer data, intellectual property and government intelligence have dominated headlines in recent months, SailPoint said. The frequency of these breaches indicates the extent to which enterprises are struggling to secure user access to information and applications within the organization, the company said.
SailPoint of Austin, Texas develops identity risk management software that helps organizations gain control over user access to critical systems and data, streamline costly IT compliance processes and reduce the risks of fraud, corporate data loss or theft and failed audits, the company said.
When a typical large enterprise has tens of thousands of users and thousands of applications, basic identity audit and compliance tasks like certifying which users have access to critical applications and data are monumental, according to the Burton Group of Midvale, Utah. Organizations that master these tactical matters are poised to tackle the next big challenge and opportunity for most enterprises, collaborating with business managers to determine acceptable levels of risk for users and IT resources, Burton Group said.
Compliance IQ helps organizations achieve and demonstrate strong, consistent control over user access to critical systems and data in an automated and sustainable way, SailPoint said. By providing rich, multi-dimensional views of identity data, Compliance IQ enables enterprises to understand what systems and data their users can access, determine if users' access aligns with their job functions and with corporate and regulatory policies, automate certification of users' access, and assess the relative risk each user's access represents to the business, the company said.
Compliance IQ capabilities include risk modeling and analytics, user access certifications, role management, automated policy enforcement and user activity monitoring, SailPoint added.
The extended risk model in Compliance IQ 2.0 helps enterprises, no matter what level of identity governance maturity they have achieved, focus access controls and monitoring according to business risk, SailPoint said.
The graphical risk configuration templates of the Compliance IQ 2.0 enable quick and easy definition and customization of the factors that contribute to identity risk, SailPoint said. Once the risk model is configured, organizations can begin compiling risk metrics to improve the effectiveness of controls and ultimately the security of the business, the company said.
Unique to Compliance IQ 2.0 is the resource-level risk management measures that the risk levels of corporate IT resources, like applications, databases and file shares, allow application and data owners to measure asset risk and proactively address it with improved controls, SailPoint said. Like the risk scores Compliance IQ assigns to user identities, Version 2.0 now also gives risk scores to IT assets based on attributes such as number of orphaned, dormant, service-level or super-user accounts, high risk users with access, and policy violations detected, the company said.
The new risk advisor feature strengthens IT controls by proactively alerting business managers and application owners to changes in identity and resource risk scores and providing mitigation or remediation advice, like removing access privileges, performing an on-demand access certification for a user or initiating activity monitoring for a user or a group of users, it said.
Compliance IQ 2.0 also allows organizations to extend the identity and resource risk models by incorporating new, customizable factors into risk calculations, SailPoint said. For example, Compliance IQ can integrate with corporate directories or human resource systems to factor attributes such as geographic location or temporary worker status into the risk score for a given user, it added.
SailPoint's risk-based approach to compliance and governance has been well received by the market, SailPoint said. The company will continue investing in next-generation technology to bring identity risk management into the mainstream as a core IT discipline. With Compliance IQ 2.0, SailPoint wants to help its customers see risk management as something that is possible today rather than some far-off vision for the future, the company said.
In the same way business roles define collections of IT privileges in meaningful business terms, Version 2.0 introduces the ability to assign business friendly descriptors to entitlements being managed by Compliance IQ, SailPoint said. These descriptors ease the process of access certification for business users while ensuring greater reliability and accuracy, it said.
The solution's role lifecycle management features provide easy-to-use workflow for approving roles once they are created or modified and for reviewing and verifying roles on a periodic basis to ensure business roles remain accurate, SailPoint said. New what-if analysis allows role approvers to see how proposed changes will impact users before changes are implemented, the company said.
SailPoint Compliance IQ 2.0 is currently available, SailPoint said.
