SafePaaS for Identity Governance
SailPoint, founded in 2005, offers an Identity Governance and Administration (IGA) suite called IdentityIQ, which includes several modules that can be configured to automate access management processes. Recently, SailPoint has also introduced IdentityNow, a multi-tenant cloud IGA offering similar to IdentityIQ.
In the last few years, business needs for effective access controls have evolved beyond general IGA capabilities in response to growing compliance mandates and increased cyber security risks. As a result, IGA customers are now demanding specialized capabilities based on new control objectives to address the following gaps in general-purpose IGA systems:
- Lack the ability to configure access rules in terms of fine-grained privileges in the enterprise application security model.
- Focus is on “birthright” access for all user rights, whereas IT audit requires control evidence for enterprise access users with hundreds of privileges to sensitive data, transactions, and functions.
- Lack of support for short-lived, just-in-time elevated access required for emergency support – privileged access management (PAM).
- Single Sign-on to business applications for “birthright” users does not control the provisioning of fine-grained privileges that violate company policies such as Segregation-of-Duties or Data Privacy.
- Inability to monitor or manage user activity in enterprise applications, which is required for “lookback” analysis when a risk materializes.
- Unable to support the need of business process owners and control owners to certify user access or activity logs for periodic access certification.
- Lack of complete functionality to support the need of security and application administrators to maintain role design and update entitlements to remediate inherent risks in the thousands of privileges available in enterprise applications.
SafePaaS can now extend the IGA capabilities for SailPoint customers to ensure that access management controls, such as segregation of duties, certification campaigns, or access requests, are operating effectively.
While our customers’ priorities are unique, we can quickly deploy SafePaaS controls for SailPoint based on a risk-based approach for maximum impact. Our goal is to provide simple, pinpoint control solutions that require less effort from the customer, IGA administrators and other staff in the CISO team.
The following diagram shows how SafePaaS API Services can orchestrate and control access management activities in SailPoint: