SailPoint Navigates Identity Governance With SecurityIQ 6.0 Update

SailPoint extends its SecurityIQ identity governance platform with new capabilities to help organizations improve security and compliance in the cloud.


SailPoint announced version 6.0 of SecurityIQ on May 15, as the identity governance vendor kicked off its Navigate 18 customer conference in Austin, Texas.

SecurityIQ, SailPoint's identity governance platform, helps organizations with both compliance requirements and security by enabling them to gain better visibility into how applications and data are accessed. The new release expands SailPoint's identity governance capabilities to include files that are stored in a corporate data center or in the cloud.

"Identity governance is really the back office of identity and is about keeping all of the configurations correct, so the right people have access to the right things," Mark McClain, CEO and co-founder of SailPoint, told eWEEK. "It also informs policy and compliance and ultimately helps to keep organizations secure."

SailPoint is using Navigate 18 to highlight new frontiers in information governance that it plans to help customers deal with, according to McClain. Among those frontiers is the expanded definition and use case for identity governance beyond just humans to also include systems and processes.

"A lot of identity has generally been equated to a person, and one of the things that's pretty rapidly changing in our space is that increasingly there are robotic processes, or software bots, that actually mimic the behavior of a human and they perform actions and make decisions," he said. 

McClain added that there is a need to govern non-human access to data and files as part of identity governance. Otherwise, organizations are not managing access in a comprehensive manner.

Another key frontier in identity governance that McClain is emphasizing at Navigate 18 is the expanded access to data on-premises, in the cloud or in business applications that organizations need to govern, which is something that SecurityIQ 6.0 is taking specific aim at.

SecurityIQ 6.0

A key enhancement to SecurityIQ 6.0 is that the platform is now cloud-native and can be deployed outside of a traditional data center, according to Paul Trulove, chief product officer at SailPoint. 

As part of the new deployment options for SecurityIQ, SailPoint also rearchitected the platform's connectivity infrastructure for improved security and scalability in both public cloud and on-premises deployments, Trulove said. SailPoint also enhanced threat detection in SecurityIQ 6.0, adding capabilities to help organizations be more proactive in responding to potential threats.

"We built a new thresholding model that allows administrators to define alerts on individual files or folders and then monitor the actual user activity," he said.

Trulove said that if a file's access pattern differs from policy, the administrator can be alerted about the anomalous activity, which could be an indicator of a threat.


When it comes to compliance, SecurityIQ has had a compliance ruleset for both the Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR) since the end of 2017, Trulove said.

The GDPR ruleset in SecurityIQ is essentially a European-focused version of a generic ruleset that was already in the product for personally identifiable information, he said. Trulove added that a business analyst can use the ruleset to find data that is impacted by GDPR and then assess if the identity governance controls effectively secure that data.

Identity as a Business Issue

While identity governance has long been viewed as an IT issue, McClain sees it as a business issue, as decisions about staff access to resources are not determined by IT. As a result of this reality, McClain said there has been a fundamental shift in the world of identity management away from technologies that are too sophisticated for business users to operate. He added that identity governance issues have to be represented in a form that business people can use and respond to.

"The challenge that business people have to wrestle with is who really should or should not have access to critical or private information," McClain said. "This technology is shifting to be much more understood as a business problem."

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.