I recently attended SailPoint’s Navigate 2023 annual user conference in the company’s hometown of Austin, Texas. SailPoint is best known for its identity access management capabilities, but it continues to build product and solution depth in identity security as well.
I learned quite a lot about the company’s journey in my one-on-one meeting with founder and chief executive Mark McClain, as well as at the event’s opening day keynote and breakout sessions. I want to dive deeper into those discussions and share what I find compelling about SailPoint’s relentless focus on building a leadership position in the identity security category.
The journey from identity access management to security
SailPoint was founded nearly two decades ago with a promise to provide innovative solutions to some of the world’s most dynamic business challenges. That mission statement on the surface is broad, but so is the notion of identity security. To this end, SailPoint’s “crew members” follow four corporate core values: innovation, integrity, impact and individuals. Credit McClain’s leadership and vision for setting the company’s course (nautical pun intended) and facilitating its success over the years, culminating in its sale last year to private equity firm Thom Bravo for nearly $7 billion.
I first met McClain several years ago in a personal setting, and his vision for SailPoint inspired me to learn more about the company as I began my own career as a technology analyst. A lot has changed since our initial meeting, which made for a welcome reconnection this year at the Navigate event. He and I spoke about several topics, spanning the company’s initial focus on providing IAM services and the convenience of single sign-on password management to present-day cybersecurity market trends, including security point solution consolidation, AI and zero trust.
McClain and I also spoke about SailPoint’s identity security journey. It all began in 2005 with IAM and a focus on improving efficiency and productivity in identity access. As SailPoint tackled that objective, the next challenge manifested in identity governance and administration for larger enterprises managing the access needs of their employees, suppliers and contractors.
IGA has done a lot to reduce risk, strengthen security and improve compliance, but SailPoint felt it could lean into its intellectual property portfolio and innovation engine to do even more. It did just that in 2020 at the height of the pandemic, pivoting towards a holistic approach to identity security that provides enterprises with a common set of services designed to drive better security outcomes. SailPoint has met with success in this regard, given that its solutions are now used daily by half of the companies on the Fortune 500 list.
Forbes Daily: Get our best stories, exclusive reporting and essential analysis of the day’s news in your inbox every weekday.
Conference highlights and insights
SailPoint made a handful of announcements at Navigate, demonstrating its success in delivering on the promise of identity security. First, the company released its second annual “Horizons of Identity Security” report in collaboration with Accenture, which is also its customer. To set some context, SailPoint claims that 90% of cybersecurity breaches are identity-related. That’s a significant statistic that underscores the importance of securing identity access and preventing malicious lateral movement within today’s highly distributed, cloud-native network deployments that include many device types and users, both humans and machines. The report is worth a read, and it is also worth noting that SailPoint is opening its “Identity University” to the public to improve awareness of identity security best practices. The company’s platform includes online training and certification tracks, and I applaud SailPoint for broadening its reach, given the current deficit of cybersecurity talent in the enterprise space.
From an identity security solution perspective, SailPoint announced two new features tied to its Identity Security Cloud. One involves activity insights that utilize data at the application level to grant and maintain least-privilege access based on usage patterns and activity trends. It promises to inject a dynamic, self-adjusting capability into what is historically a static credential management process that exposes organizations to risk. Another enhancement comes in the form of an improved user interface for the MySailPoint dashboard. Users can now more easily monitor critical identity security operations with a highly configurable, widget-driven menu.
The company also announced SailPoint Atlas. Atlas is a multi-tenant, SaaS-delivered platform that is also the architectural foundation for the company’s existing identity security cloud solution. It is designed to deliver a common set of new services that knit together the totality of SailPoint’s identity security capabilities, providing critical identity context and activity intelligence by leveraging AI. I think Atlas has compelling potential to facilitate scale and simplicity, improve visibility, provide deeper insights and enable zero trust principles for all identity access types across multi-domain environments.
SailPoint’s evolution from IAM to IGA to identity security is noteworthy. History is filled with technology companies that were founded to address a need but eventually failed to innovate to meet new customer challenges. The cybersecurity industry is highly dynamic both because the underlying technology continues to evolve and because bad actors continue to find new ways to harm companies with attacks from denial of service to ransomware and beyond.
Ultimately, success in this market depends on a security solution provider’s ability to recognize logical adjacencies and provide higher levels of resilience and protection. SailPoint has demonstrated this capability over the years and continues raising the bar in identity security, which often represents the most vulnerable entry point in enterprise networks.