Focus on Policy Alignment

By Mark McClain  |  Posted 2010-10-11 Print this article Print

2. Focus on policy alignment

Business managers understand the risks associated with sensitive applications based on asset value, privacy requirements or potential for fraud or misuse. Because of this, they are the ones best equipped to define the control objectives needed to mitigate business risk. At the same time, the IT organization is ultimately responsible for ensuring that access configurations (who can access programs, tables, documents, etc.) conform to those business policies.

Both sides must be involved in order to achieve policy alignment at the implementation level (that is, not just captured in binders that sit on a shelf). Business-friendly tools that allow business managers to understand how policy is implemented and that highlight when policy violations are detected can help ensure that IT controls properly reflect compliance policy.

3. Make transparency a priority

The final step to engaging business managers is perhaps the most important one. The organization must take steps to ensure the required level of transparency into the organization's identity data-in a way that is easily understood by business users. It's simply not practical to expect business managers to be able to interpret cryptic access privileges as they natively occur in directories, operating systems, applications and databases (and then make any meaningful decision about these privileges). To ensure good decisions and effective oversight, business managers require business-oriented user interfaces, glossaries and help facilities that turn IT data into business intelligence.

Mark McClain is founder and CEO of SailPoint. Mark drives the vision and overall business strategy for SailPoint. Previously, Mark was founder and president of Waveset, where he helped establish the company's industry-leading position in the identity management space, including 250 percent revenue growth year over year for three years. Following the acquisition of Waveset by Sun Microsystems, Mark served as vice president of marketing for Sun software. Mark also has diverse experience in international sales and marketing with Hewlett-Packard, IBM and Tivoli Systems. He can be reached at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel