SailPoint extends identity security platform with data security
With DAS, privilege access management, AI and other features, SailPoint moves Atlas from an identity governance platform to an identity security platform.
At Navigate 2023, SailPoint's 11th annual identity security conference, the company introduced SailPoint Atlas, its updated multi-tenant SaaS identity security platform. While SailPoint will continue to develop and support IdentityIQ (IIQ), its on-premises platform, the unveiling of Atlas showcases SailPoint's commitment to modern cloud IT architectures.
Atlas is based on an identity data lake using Snowflake and is designed to scale to meet the needs of the most complex scenarios for the largest and most complex enterprise environments. These scenarios continue IIQ's focus on efficiency and productivity combined with a new focus on security. This is important as identity's role in cybersecurity strategy and cyber defense continues to grow.
More than being just a cloud version of IIQ, I view Atlas as the foundation and accelerant of business enablement, delivering policy-based, just-in-time access to critical data and resources. That's because SailPoint emphasizes the business benefits of Atlas' features and functionality.
For example, just-in-time access can help organizations secure privileged access (superuser accounts). SailPoint doesn't want to compete with traditional privileged access management products. Rather, by providing an integrated and unified approach to all access management, Atlas also protects privileged access, enabling the business to reduce risk without having to deploy additional cybersecurity controls.
AI in identity governance
As with most of the attendees, I was extremely interested to see how SailPoint is using AI as a business enabler.
One AI feature in progress is a large language model (LLM) front end to the identity data lake that will enable natural language queries. This means that the line-of-business leaders -- those who actually know who should be granted access to which data and resources -- will be able to use the platform without having to be trained in the technical esoterica of how to use the tools.
SailPoint is also experimenting with AI is also being applied to role mining and role configuration so that the AI can define and recommend the correct roles for each user based on both inputs from the business and actual user behavior. This can enhance the business by reducing the identity workload as well as reducing the attack surface by rightsizing roles and permissions.
In the near term, SailPoint is using LLMs to automatically build descriptions for entitlements based solely on the title of the entitlement. When I first learned about this feature, I thought this was rather trivial. However, SailPoint reported that about 65% of all entitlements contain no description, which makes it exceedingly difficult for a user to understand and approve of roles. These roles can contain hundreds of entitlements, so providing an accurate description of each entitlement will transform this arduous task and enable the business to detect and remediate excess or inappropriate access privileges and resolve policy violations, such as separation of duty, more easily.
Integrating identity security and data security
While AI generates the buzz, I was more intrigued by SailPoint's announcement of Data Access Security (DAS). Traditional identity governance tools have a blind spot: the lack of visibility and governance of data. This new Atlas module addresses this blind spot by providing a unified view of access across applications and unstructured data.
Like SailPoint's approach to privileged access, DAS isn't designed to compete against the larger and more full-featured data security platforms. Instead, DAS can discover and classify unstructured data to provide an integrated view into access controls. This means that when a role is given access, Atlas can provide users with more information about that data resource. Likewise, the DAS dashboard provides data resource information, such as which roles and identities have what type of access.
DAS can currently discover and classify unstructured data in Office 365, SharePoint and Teams, and SailPoint will extend DAS to other unstructured cloud data stores. Interestingly, SailPoint understands that we're now in a hybrid, multi-cloud world where unstructured data can live in multiple clouds as well as in on-premises storage. Thus, DAS will soon be able to discover and classify data on any network-attached storage that supports server message block.
How important is Data Access Security?
DAS provides identity governance with greater visibility into the data and resources being accessed. With greater visibility comes greater knowledge and the ability to create more accurate and better targeted policies and roles that ensure the organization can consistently apply the principle of least privilege access.
DAS, combined with privileged access management, AI capabilities and other new features, transform Atlas from an identity governance platform that satisfies compliance needs to an identity security platform that reduces risk and continues the journey to a zero-trust strategy.
More importantly, this is just the tip of the iceberg of identity security starting to subsume data security capabilities because, to ensure the security of our organization, we need to integrate identity information with data access information to answer three critical questions:
- Where is your data?
- Who has access to your data?
- How is your data being used?
Senior Analyst Jack Poller covers identity and data security at TechTarget's Enterprise Strategy Group.
