Shaping the future of identity security: What’s new with SailPoint Identity Security Cloud
As we near the end of 2024, it’s time to think about what the future will bring and take stock of what’s working and what needs attention. At SailPoint, we’re constantly thinking about how to innovate and enhance Identity Security Cloud with new capabilities to deliver what we believe will provide the most value to our customers.Many organizations are facing trends such as exponential growth of the number and types of identities, more nuanced access requirements to sensitive resources, and the need for automation and AI to bridge the capacity gap in identity security programs.
To address these challenges, we’re launching exciting new Identity Security Cloud capabilities that continue to articulate our dedication to market-leading innovation. These new releases help customers maintain least privileged access and a robust identity security posture with capabilities that promote more flexibility, control, and automation for surfacing, managing, and optimizing critical identity data.
Build a next-gen role program for flexibility and simplicity
Introducing Dynamic Access Roles
Many organizations are burdened with managing and maintaining a bloated role model. They build multiple access roles to accommodate the large number of discrete possible combinations of attributes or entitlements. The current solution is to keep creating new roles to meet business needs. This approach, however, only perpetuates the role sprawl problem. There’s a better way to build a successful role program with Dynamic Access Roles.
Dynamic Access Roles gives organizations the ability to create role models that align with context-dependent access policies. This innovative approach allows users to incorporate contextual information when creating and assigning roles. It can also dramatically reduce the total number of roles an organization needs, increase access visibility and understanding, and improve and simplify compliance.
Dynamic Access Roles targets the needs of organizations that have specific access requirements and the need to base their access decisions on multiple and varying factors, such as geolocation, shift, or department. Typically, these are organizations with larger populations of users with shared access criteria, who have a large number of identities, entitlements, and roles within their environment.
Access Model Metadata
The more contextual information we can provide end users and entitlement and app owners to help them make approval and certification decisions, the more robust and intuitive Identity Security Cloud becomes.
The new Access Model metadata service allows customers to add contextual information to Identity Security Cloud Access Model items. Source owners and business users can add context with pre-defined metadata for risk, regulations, and privacy levels, or they can create their own custom metadata attributes to reflect their business’s unique needs.
The Access Model service enriched with contextual information enables numerous use cases, supports better access request and certification user experiences, and helps reduce rubber stamping and certification fatigue by providing reviewers and approvers with a better understanding of the risk and purpose of access rights.
Deliver fine-grained control over identity data with Data Segmentation
Customers often have information within their identity security environment that they consider privileged or need to be visible on a need-to-know basis. This stems from the basic security principle of least privilege.
Data Segmentation provides a programmatic method to restrict access to data within core Identity Security Cloud objects (Access Model items, identities, and sources). This segmentation of identity data helps to ensure that users can only see the data records they are authorized to see.Data Segmentation can lock down access at a more granular level for users, allowing for a least privileged posture, minimizing privacy concerns, and supporting regulatory compliance.
For example: A consortium bank organization is made up of many banks and wants to ensure the sub-administrators at Bank A can only see the data associated with Bank A.
Leverage automation for greater efficiency
AI-driven App onboarding enhancements
Since its June launch, SailPoint’s AI application onboarding capabilities for Identity Security Cloud have resonated with hundreds of customers currently using the capability. These fast-follow features and improvements can help organizations realize quicker time-to-value from their identity security initiatives. New features include:
- Increased AI usage: We’ve infused additional AI functionality to streamline and automate the onboarding process even further, including account provisioning with AI recommendations and advanced application discovery capabilities like the ability to quickly identify onboarded vs. non-onboarded applications.
- Detailed activity notifications: Identity security administrators receive email notifications when an activity is completed – such as when new applications are discovered, after recommendations are generated for account correlation mapping, and after recommendations are generated to create an account.
- Recommendations updates: Key updates here include account correlation mapping recommendations for delimited files.
Improve security with automation
Data Access Security activity alerting
We know there has been a rapid increase in the types of data, resources, and storage locations. But with a lack of centralized visibility, inconsistent controls, processes, and access policies across unstructured assets, it can seem virtually impossible to stay on top of everything.
Data Access Security’s new activity alerting and threat detection capabilities enable organizations to monitor data access in real-time, detect inappropriate access, and trigger actionable alerts and automated governance workflows within Identity Security Cloud. These new alerting and threat detection capabilities help identity security teams drive efficiencies, improve overall security posture, and keep sensitive data safe as an integral part of their identity security program.
This new capability delivers focused and targeted activity control for proactive detection of inappropriate data access and access policy violations, reducing the burden on security teams by triggering automated response workflows. Data Access Security activity alerting provides flexibility to define alerts based on activity type, user identity, and resource sensitivity properties relevant to each organization’s security and access control needs.
Fueling innovation and empowering your success
SailPoint Identity Security Cloud is powered by a robust industry-leading data model housing all identity information and the context necessary to manage, maintain, and automate access. SailPoint’s central repository allows for scalability, maintainability, and extensibility with a holistic and standardized approach to accessing, managing, analyzing, and reporting customers’ identity security data across all SailPoint and select third-party products.
Our new enhancements to Identity Security Cloud are core elements that strengthen the data model to help ensure customers have more flexibility and control in how they surface, manage, andoptimize their identity data.
As a leader in identity security, we don’t slow down when it comes to innovation; that’s especially true when it comes to the depth and breadth of capabilities in SailPoint Identity Security Cloud. It's all gas, no brakes. Stay tuned for more industry-leading announcements.
Learn more about SailPoint Identity Security Cloud and check out our self-guided product demos to see it in action.