Product Review: SailPoint’s IdentityNow
With the onslaught of information creation, figuring out how and where to store the data is just the tip of the iceberg. Below the surface, there are innumerable associated issues to consider, including enterprise security, maintaining protected access to the data and ensuring that access is available when users need it.
The challenge is upholding the security standards already set for enterprise businesses’ information while confirming that access is available for all users. Accessibility becomes more complicated as businesses add more distributed individuals logging in at their convenience and on multiple devices. Additionally, businesses must provide the transparency and proof of strong monitoring controls to satisfy audit and compliance requirements.
IdentityNow is [one of] the most comprehensive IDaaS solutions for the enterprise, built on SailPoint’s extensive experience in identity governance. It not only integrates to other cloud apps, but to all of the on-premises resources you would expect from an enterprise IAM solution, meeting the most stringent IT security standards—a key requirement for cross-domain IAM.
The technology market already has a niche working on these exact needs: identity and access management (IAM) solutions are trying to evolve and expand the solutions available to confront these demands. One particular company believes that “the dynamic and complex nature of securing access while enabling the business requires a new approach, one that puts identity at the center.”
SailPoint’s IdentityNow was created to deliver this secured access to an enterprise’s distributed user population while supplying IT with the tools it needs to proactively mitigate risk and secure seamless integration with critical applications and data regardless of where the data resides. IdentityNow is delivered directly from the cloud, so it can be integrated and running quickly with no additional hardware or software to buy, deploy and maintain within the data center.
IdentityNow is the second evolution of SailPoint’s IAM offering for enterprise businesses, premiering in 2013, following the development of IdentityIQ. SailPoint’s IdentityIQ is described on their website as a “governance-based identity and access management (IAM)” software-based solution that was developed to “deliver a unified approach to compliance, password management and provisioning activities for applications running on-premises or from the cloud.” IdentityIQ was established for large organizations that prefer to customize their IAM management processes.
IdentityNow is “a full-featured cloud-based identity and access management solution or IAM as a Service (IDaaS), that delivers single sign-on (SSO), password management, provisioning, and access certification services for cloud, mobile, and on-premises applications.” Additionally, IdentityNow integrates to other cloud apps as well as with all of the on-premises resources expected from an enterprise IAM solutions vendor. The integration for both on-premises and cloud-based applications is designed, according to the website, “to meet the most stringent IT security standards—a key requirement for cross-domain IAM.”
It also maps IAM functions to compliance requirements and in turn audits user access to support compliance reporting. Since several government-mandated compliance regulations – including HIPAA – require organizations to log access management data to maintain compliance, it is particularly important that IAM systems are able to fulfill those requirements for organizations.
In introducing IdentityNow, SailPoint wanted to offer customers a comprehensive IAM solution for on-premises, cloud, and mobile environments, especially as the digital business expands, coupled with the benefits of software-as-a-service (SaaS) – including faster time to value, ease of use and lower operational and upgrade costs.
IdentityNow offers an easy, intuitive way to manage and reset passwords while imposing strong password policy across all applications. By permitting users to perform password reset and change requests themselves, the overhead and burden placed on IT and the help staff can be significantly reduced. Additionally, for the IT department, there is a Password Management Dashboard to view the return on investment for the company and savings from self-service resets. IT also controls configurable password policies like password strength, complexity and expiration date – these policies can be synchronized across all applications or set individually to meet specific application security requirements.
IdentityNow’s Single Sign-On (SSO) provides one-click access to the cloud, internal web and mobile applications—from any device, anywhere. It provides an intuitive storefront to conveniently add new applications as well as an easily transferable interface regardless of the device accessing it.
There are strong authentication options including one-time password, knowledge-based authentication and built-in integration with third-party solutions like Duo. There is also single sign-on to apps, such as LinkedIn, Twitter, airlines, and hotels – via IdentityNow’s secure password vault. Integrated Windows Authentication (IWA) may also be used, which automatically signs users into IdentityNow via the Windows Active Directory password utilized to log onto their PCs and the network.
For the IT department, there is centralized logging and reporting of users and the applications they access with their SSO. Additionally, the “integrated, governance-based approach” allows the IT department to “define application access policies” and certify consistent enforcement of security procedures.
For more security control, IdentityNow Provisioning empowers users through automated provisioning of user accounts across on-premises and SaaS applications. It alleviates the work for the IT department through centralized user lifecycle management, which administers user onboarding and off-boarding processes (hires and terminations) by incorporating simple-to-arrange, pre-defined identity lifecycle models that automatically trigger changes to application accounts.
Provisioning also has pre-built policy controls to guarantee all activities meet the security and auditing requirements for the organization. There is also “flexible data management with the ability to import, normalize and map user and account data from multiple sources to any identity.” Finally, for back-up, there is an extensive library of connectors that will automatically back up user account changes across all of the applications needed by the enterprise.
In conjunction with the IdentityNow Provisioning, SailPoint includes an access certification campaign feature to streamline the process that the company undertakes to affirm that users have the right access and security clearance. IdentityNow Access Certification asks business managers to review user access rights as part of a centralized governance program. By using pre-defined templates and best practices, IdentityNow “enables organizations to quickly plan, schedule, and execute certification campaigns to ensure appropriate and timely review of user access.”
The Access Certification feature strengthens security through automated campaigns that are routinely distributed across the business. Any revoked credentials can be viewed with top-down visibility; the status is updated through the previously mentioned extensive library of connectors across all applications. It simplifies the auditing processes and increases the accuracy of security.
IdentityNow’s audit and reporting capabilities help provide total visibility, including usage summaries, task results and system status. They are all part of an extensive list of pre-defined compliance, access management and provisioning reports. Using this broad-based identity intelligence, IdentityNow can help organizations address any risks and supplies tailored reports, such as charts and graphs of IAM metrics including certification status, remediation activity and application usage.
IdentityNow’s Hybrid IT Connectivity includes a comprehensive collection of prebuilt application profiles such as platforms, databases, and directories that increase the speed of data loading and ease the process of SSO. All of this is delivered via the SailPoint Cloud Gateway and Web Reverse Proxy applications. Additionally, it includes a self-managing virtual appliance for connectivity with on-premises resources, which is protected by the firewall-friendly Cloud Gateway.
The Hybrid IT Connectivity supports enterprise IT teams by assembling and centralizing user, account and entitlement data from all the enterprise systems within the enterprise’s cloud and data center. Finally, the SailPoint deployment platform is scalable, with global availability in services hosted around the world, backed up with all the hardware, software and network infrastructure included to help recover IdentityNow in the case of failure.
IdentityNow promises “a cloud environment protected by extensive multi-layered security, including robust physical, network, application, and data-level security. Sensitive identity data is encrypted at rest, and before transmission between IdentityNow and cloud or on-premises resources.”
For additional security measures, “all integration between the data center and the cloud is via a real-time, firewall-friendly channel – meaning no opening holes in firewalls or establishing VPNs.” SailPoint asserts that “infrastructure, software, employees, procedures, and data handling have all been certified by independent auditors to the SSAE16 SOC 1 standard.”
Additionally, SailPoint offers SecurityIQ. For organizations that need that extra protection, SecurityIQ might be exactly what they require. According to the representatives from the organization, “SecurityIQ is a business-oriented data access governance solution that helps organizations find and protect sensitive unstructured data, enabling them to meet regulatory requirements by providing proof of compliance during audits, and increases staff productivity by reducing time spent on diagnostics, forensics, and data administration tasks.” Especially for companies dealing in sensitive information, SecurityIQ “works seamlessly with SailPoint’s identity governance solutions, IdentityIQ and IdentityNow to discover sensitive data throughout the enterprise and control access to it.”
Alternative options currently available in the IAM market include Centrify Identity Platform, described as a platform that “delivers stronger security, continuous compliance and enhanced user productivity through single sign-on, multi-factor authentication, mobile and Mac management, privileged access security and session monitoring.” It is one of the three companies ranked as a Leader by the Gartner 2016 Magic Square.
One of the other leaders, Okta Identity Cloud, has been named a Leader by Gartner in the Magic Square for three years in a row. It provides the standard SSO, comprehensive report library, user self-service, password management, mobile SSO, and more. Additionally, they have added “updates to the Okta Platform including integrated social authentication and support for OpenID Connect, support for Android for Work, contextual access management with Box for EMM, and a new EU data center.”
SailPoint is award-winning too; for the third year in a row, SailPoint has been named a Leader in Gartner’s Identity Governance and Administration (IGA) Magic Quadrant. The 2016 IGA Magic Quadrant provides an assessment of IAM solutions that offer both identity governance and provisioning to manage identity and access life cycles across multiple systems.
The support for this product is the same as for all SailPoint products. They offer two packages of product support for any assistance needed for SailPoint solutions:
- Standard Support offers you the ability to contact the Support Team during regular business hours, Monday through Friday.
- Premium Support offers non-stop support, 24 hours a day, 7 days a week to address the most critical issues.
SailPoint has a broad customer base, including eight of the top twenty global banks, several top-notch healthcare providers, several pharmaceutical companies, the world’s largest credit card company, and the world’s largest oil and gas supplier. For more information about their customers and case studies, please visit the website.
As the technology available for protection and security continues to evolve and improve, the market will only become more competitive. Vendors with leading market share will be the best ones to trust due to their experience. Be sure to evaluate all that an IAM system can provide for you and your enterprise needs. SailPoint is one recognizable name that will be sure to continue to thrive and challenge the marketplace.