In an engaging Q&A, Simon shares how his team matched the pace and velocity of a changing identity landscape and digital ecosystem, all while continuing to enable the business. He also revealed how, as one of the UK’s largest supermarket retailers, ASDA implemented a robust identity program designed to help improve compliance, user experience, and employee lifecycle management across 138,000 users, outlining key steps and pitfalls to avoid along the way.

Read on to discover ASDA’s successful transformation journey to a unified identity security program.

Hi Simon, thanks so much for taking the time to share your story. Let’s begin with the basics: please give us a little background on the ASDA brand.

ASDA is Britain’s third-largest supermarket chain, with around 829 stores and £20.4 billion in revenue. We’re a longstanding company based in Leeds in the UK, and we were previously owned by Walmart before a takeover in 2021.

Walmart is an enormous organisation with annual revenues of about half a trillion. It does lots of things very well, but its size can also breed inflexibility and you often simply have to follow what the leadership tells you to. That meant at ASDA, we had little freedom to manage our own identities or IT infrastructure. Now that we’ve separated from Walmart, we’ve been effectively building new infrastructure from scratch, which is a big ask for a £20bn company.

Could you tell us more about the demerger from Walmart, and where you are in your identity program today?

Of course. Previously, our identities were all Walmart identities, part of their on-premises active directory (AD) forest. So, when we left, we had to set up a completely new identity for each employee – all 138,000 – the majority of which are frontline staff, people in shops and warehouses, and so on. We also have around 6,000 contractors, which we manage on a separate system. Today, all of these people are now logged into Workday, integrated with SailPoint, and SailPoint ServiceNow for request management and more.

Most of our products today are cloud-based rather than on-premises. Similarly, many businesses across Europe are shifting to the cloud for a variety of reasons – could you tell me what was behind ASDA’s decision to do so?

Lots of organisations today talk about being cloud-first, but we made a conscious decision to become almost cloud-only. The cloud offered an interesting opportunity for us to completely reshape our identity management – it was like a greenfield site for a £20bn company.

Early on, we decided we didn’t want to tie ourselves down to infrastructure, so this immediately lent itself to using software as a service (SaaS) or cloud-hosted solutions. Then, looking back to my experience as CISO and sponsor for the identity program at (UK supermarket) Morrison’s, we looked at SailPoint solution as a potential tool. Fast forward, I realised that it fit perfectly with ASDA’s new infrastructure and the future of where we’re heading. So, we went with SailPoint Identity Security Cloud and so far, integration has been straightforward – it’s gone really great.

What was the sign-off process and the building of the business case like for your new identity program? Are you being held accountable for whether you’ve achieved your initial goals?

It was important to me to make sure we had the right funding upfront, so I had to clearly demonstrate the value of what it is we’re delivering and to keep the board informed.

We have a monthly security government forum where I present and report on all sorts of security risks. Fortunately, senior colleagues haven’t been too picky regarding progress against my program scope, and only really want to hear about anything that could go wrong and the plans to mitigate against it. It’s really been about risks and issues and expanding on progress, rather than having to answer to what we’ve done.

As an identity expert, could you explain the importance and business value of identity to those who are unfamiliar with it?

As a CISO, what I care most about is any security risks to the business. Cyber incidents and data breaches are a big concern, but so is identity. There are some areas of our business where we have a really high turnover of staff, for instance, over Christmas we take on thousands of short-term workers. Even if we only need them to work for two days, but it takes us a week to give them an identity on our systems, they won’t be able to do anything except twiddle their thumbs and we’ll be paying them for nothing. So, we need to efficiently onboard people to make sure people quickly have the correct access rights.

A lot of access provision in the old-world environment was largely done manually. I don’t know how many people Walmart has working on identity alone, but I think they have almost 2,000 security staff. Most of us don’t have the resources to replicate that, so we need to rely on technology and services like SailPoint.

How are you reaching identity to the day-one retail employees, presumably recruited on quite short notice, who need to have privileged information supplied?

We’re doing that effectively through the local management, whether that’s the general store manager or team leaders in the depots. We have lots of materials like knowledge articles and scripts, and we have training facilities that we can use to test these things out.

You touched on contractors earlier, could you explain what ASDA is doing in regards to non-employee identity?

It’s been a bit of a battle in all the CISO positions in my career. I’d always prefer our contractors just went to our HR system because it already contains an identity infrastructure, but HR teams often disagree.

At ASDA, we ultimately decided to adopt SailPoint’s Non-Employee Risk Management tool, which is effectively designed for managing people who are not full employees but still need access to systems. Fortunately, if you already use SailPoint Identity Security Cloud implementation it is straightforward.

Great. Now, let’s move on to a more obvious question. Please share with us three learnings or identity security best practices with our audience.

This might not come as a surprise, but one of the biggest lessons I’ve learned is the importance of data quality. And most of the data quality issues we’ve had have been associated with the actual ownership of that data. We had to build a full set data set correlated from multiple data sources, so getting clean data, and an agreement about whose responsibility that data is, is really important.

Next up is change control, or technical change control to be specific. One of the key lessons I learned from my role at Morrison’s is that we didn’t focus enough on bringing employees with us, we didn’t spend enough time on training or business change management. You can’t treat identity as a technology project, you have to bring your colleagues with you and ensure they’re technically educated so that the C-suite workers know their responsibilities, and the everyday workers know what to do too.

The third essential pillar is finding the right partner for your identity program. Providers that can demonstrate their experience, have strong references around how they are to work with, are responsive, and seek out problems and help you to solve them in advance are all positive indicators. I’ve worked with SailPoint in the past and this was important in our decision to work with them at ASDA, too. I know we can just ask them at any time to help fix an issue for us, and they’ll do so.

And what about pitfalls that people need to look out for?

The first one is getting engagement right. We’ve discussed engagement with senior leadership, which is clearly important for things like funding. But it’s also important to engage with the business at the lower level, because we’re going to end up integrating staff with hundreds of complex applications and we can never be sure of how they’ll use them – where they connect from, what devices they use, under what circumstances they might be connecting, do they need temporary access or delegated access, etc. In the past, we waited for colleagues to come to us, but they didn’t, and then they expected everything to magically work.

Also, as I’ve mentioned, another pitfall is treating identity as purely a technology project, like a tool you can just plug in and play. There are a lot of processes and team structures to build around it, and this is why it’s so important to have the right specialist partner. This way, you can make sure you’re treating it as a proper program. One of the mistakes I’ve previously encountered is taking a bad process and a good piece of software and trying to change the software to meet the bad process. It needs to be the other way around – staff must align with the software to ensure the system runs well.

Now, it wouldn’t be a technology discussion without touching on AI. Given the scale and the complexity that you’re dealing with, where do you see AI in ASDA’s future?

There are a couple of areas in which I see it bringing obvious benefits to us. We’ve got our basic infrastructure in place, around 10 big applications that via SailPoint ServiceNow are integrated into SSL and SailPoint. But we’ve still got hundreds of much less significant applications to integrate. So, using AI to automate, or at least help speed up, some of the onboarding of those applications would be really helpful in terms of time, money, and resources.

Role mining (the process of analysing business data to group users and access permissions and simplify the review process) is another big use case. Employees only tend to understand their section of the applications and don’t know what happens elsewhere. Using AI to role mine and map would be very helpful.

Discover more customer stories.

The post ASDA reveals how SailPoint supported the supermarket to build a new, nationwide identity security program appeared first on SailPoint.

“The stakes grow higher every day for security leaders and their teams, and this year’s CSO Awards honor the very best efforts to tackle challenges from an expanding threat landscape,” said Beth Kormanik, content director for the CSO Conference & Awards. “From devising new threat detection methods and cyber analytics to initiatives addressing AI threats, zero trust, and data protection, these projects are at the forefront of innovative security thinking and represent true business value for their organizations. We congratulate the winners and look forward to celebrating them at the CSO Conference & Awards this fall.”

Redefining cyber foundational excellence

In today’s digital age, four out of five data breaches can be traced back to digital identity. Despite this alarming statistic, 30% of organizations have still not started their identity security journeys. Many organizations grapple with a fragmented identity experience across their workforce. These companies often rely on manual and decentralized processes to manage access and governance to different user groups within their organization. AES, however, has pioneered an innovative approach to identity security. Its extensive program has shed light on how frequently cyber-attackers target companies, prompting the team to focus on foundational identity security as a key line of defense.

By centralizing its identity platform for access and identity controls across all users, AES leveraged SailPoint Identity Security Cloud (ISC) as a strategic catalyst for business transformation, innovation, and security resilience. AES provides its business partners with appropriate access to enabling technology and collaboration tools, while ensuring enterprise security controls are in place. AES’ ability to manage digital lifecycles end-to-end and integrate with enabling technologies underscores its maturity and excellence in identity security.

A unique and integrated approach

AES’ unique approach is rooted in its commitment to providing a holistic, standardized identity security solution that caters to all user types within its organization. By integrating ServiceNow and SailPoint, its team has streamlined provisioning and deprovisioning processes globally. This has improved the timeliness and efficiency of providing necessary access rights to all users, including employees, contingent workers, and contractors.

Before the automation of account creation and management, verifying and creating user accounts required manual approvals. This process was handled by Regional Digital Technical teams, each following regional methods for onboarding and offboarding users, which could take up to several days. With SailPoint, AES has reduced this total time to under 4 hours on average globally, accelerating the onboarding and management of resources efficiently and without manual intervention.

AES offers end-to-end digital lifecycle management for employees, contingent workers, and contractors. This facilitates a simplified, secure, and compliant Day 1 onboarding process, as well as automated provisioning and deprovisioning processes through seamless integration of ServiceNow and SailPoint.

Key features of AES’ integrated identity security solution

Simplified Onboarding: AES’ integrated solution automates the creation of user accounts, provisioning of resources, and assignment of permissions, facilitating a smooth and expedited onboarding process for all user categories. This not only accelerates time-to-productivity for employees but also expedites access for contingent workers and contractors to the tools and systems they need to contribute effectively. When a new employee, contingent worker, or service contractor joins the organization or requires access to specific resources, SailPoint provisioning workflows integrate with Workday and ServiceNow to grant the necessary access rights and permissions. Similarly, when a user leaves the organization or no longer requires access, SailPoint triggers deprovisioning workflows to revoke access and remove user accounts automatically.

Secure Access Management: Of course, security is paramount to AES’ strategy. Leveraging the combined capabilities of ServiceNow and SailPoint, AES enforces least privilege access principles and dynamically adjusts access rights based on changes in user roles or employment status.

Compliance and Audit Readiness: AES’ integrated solution enables comprehensive compliance and audit readiness by capturing detailed audit trails and reports of provisioning and deprovisioning events. This helps the organization’s identity security practices align with regulatory requirements and internal policies, providing support during audits and assessments.

Challenges and future directions AES recognizes that there are still challenges to overcome, including managing the ever-evolving landscape of cyber threats, ensuring compliance with a growing body of regulations, and maintaining user satisfaction while enforcing strict security controls. Looking ahead, AES plans to further enhance their identity security strategy by incorporating advanced analytics for real-time threat detection, exploring the use of artificial intelligence for predictive threat modeling, and expanding its identity and access management framework to encompass emerging technologies and platforms. Through these efforts, AES aims to stay one step ahead of cyber threats and continue to safeguard its digital identities.

The post Congratulations! AES wins CSO Award for transformative identity security with SailPoint appeared first on SailPoint.

However, beyond the overall goal of securing access to applications and data, enterprises might have varied short-term and long-term priorities. For instance, one large retail organization might want to increase onboarding efficiency, while a fintech business might want to empower and protect remote work. Another healthcare company might be focused on both. And here at SailPoint, that can all be in a day’s work.

So, how does one solution, SailPoint Identity Security Cloud, meet each organization’s unique needs at every step of their identity security journeys? Let’s take a look at a few examples.

1. Tailoring support to a huge consumer organization

Upgrading a business’s identity security is tough enough. But trying to do so without the support of tried and trusted experts can be a recipe for failure. That’s why at SailPoint we always provide tailored recommendations for an implementation partner who can support customers with their transitions. 

A world-leading consumer goods manufacturer asked SailPoint to help it become the most connected business of its type in the world. The customer’s short-term goal was to establish an identity program and begin automating lifecycle activities. It also wanted to roll out a common set of applications across all operating companies and streamline the broader application suite.

To advance delivery and implementation of a robust identity security program, SailPoint brought together a group of internal and external experts from product management, SaaS engineering, and services, alongside executive leadership to collaborate on delivery scope, timelines, and value. The SailPoint team guided the customer and its chosen implementation partner through technical delivery practices and the initial performance assessments and scalability of SailPoint Identity Security Cloud, along with providing last-minute advice and support.

The customer soon enjoyed a smooth deployment and realization of their mission: a successful cutover from their legacy tool to SailPoint Identity Security Cloud and end-to-end automation. It quickly processed 500+ joiners and initiated 250+ leavers through SailPoint Identity Security Cloud, now managing over 100,000 identities in total.

2. Improving control and centricity at a digital bank

Nordnet, a Scandinavian online bank, approached SailPoint to improve its usability, maintainability, scalability, and control of all access, as well as obtain “one source of truth” where all access can be viewed, managed, and secured in one place.

The bank went live with SailPoint Identity Security Cloud to specifically focus on Certifications and Access requests in their revamped Request Center. It resulted in a significantly quicker approval process, empowering the Nordnet team to easily manage, track, and review access for greater control. Mattias Karlsson, Process Owner of Access Management at Nordnet, said, “One of the focus areas was to improve usability and efficiency, which we have achieved, and gotten incredibly positive feedback from managers.”

Nordnet has achieved particularly remarkable improvements in its certification campaigns, trimming the completion time from 30 days to an impressive 18. The positive impact of these changes has reverberated throughout the organization. Marcus Montelius, System Manager at Nordnet, said, “We have had very positive feedback from our colleagues after our implementation of SailPoint Identity Security Cloud. The easy-to-use design for requests and certifications and the Slack integration have been very popular and much appreciated by our users.”

Montelius continued, “We have also improved drastically the implementation time of new integration with our internal application, compared to our previous system. This enables us to extend the delivery of applications and requestable accesses which results in less access management manual work around the company.”

3. Transforming Joiner, Mover, and Leaver processes for an investment business

A classic symptom across many enterprises today is the number of manual processes that they tend to persevere with. For a leading provider of end-to-end investment services, its Joiner, Mover, and Leaver (JML) processes required users to be manually onboarded and exited, while disjointed HR and core technology platforms were updated independently. These time-consuming manual tasks led to regular mistakes and delays, along with serious information security risks.

Fortunately, the business soon recognized that with SailPoint Identity Security Cloud, it could achieve greater control and process efficiencies over IT access management, particularly for JML. SailPoint now automates key actions within joiners, role changes, and user termination processes across their platforms and Active Directory. The company launched this across its two major domains and all user accounts are now managed through SailPoint Identity Security Cloud.

“Since the launch, we have been encouraged by the operational efficiency benefits that we are seeing as part of our staff Joiner, Mover, and Leaver processes,” said the company’s Head of IT Operations & Infrastructure. “We look forward to building upon this foundation over the coming year as we further embed SailPoint Identity Security Cloud into our individual applications’ access controls, enabling us to realize the full value of SailPoint Identity Security Cloud as a cornerstone of our identity security strategy.”

The power of a unified solution

The beauty of SailPoint Identity Security Cloud is that no matter the type of business or specific identity challenges faced, the solution is crafted to support customers today and throughout their journey, as identity needs and requirements grow in size, scale, and complexity. Four product modules provide customers with key capabilities and features to start their identity security journey: lifecycle management, compliance management, access modeling, and analytics. And with several add-ons designed to satisfy the most specific of identity security needs, SailPoint helps customers manage and secure every enterprise identity with greater ease while reducing overall risk.

Thousands of organizations worldwide use SailPoint Identity Security Cloud to manage and secure access to critical data and applications for every enterprise identity. So, wherever your enterprise is in its identity security journey, you can too. Learn more and start your journey today.

The post The identity security journey: Meeting customers where they are appeared first on SailPoint.

We are thrilled to announce the initial launch of SailPoint’s Customer Success Center (CSC), marking a new chapter in our commitment to enhancing the digital customer experience. This launch represents the first phase of an ongoing journey to develop a comprehensive customer experience platform that adapts and grows based on customer feedback and the changing needs of the market. 

Vision and purpose of the customer success center 
With the Customer Success Center’s launch, SailPoint continues to ensure that every customer success interaction is streamlined, every resource is impactful, and every customer is empowered to achieve their strategic objectives with unparalleled support and expertise. 

Positioned within our Compass Community, the Customer Success Center is tailored to equip both new and existing customers with strategic resources that streamline their experiences and enhance their operational effectiveness. 

Our goal is to empower customers with innovative, self-service tools and comprehensive strategic guidance. The resources available at launch are just the starting point. As we gather feedback and learn from customers’ experiences, these tools will be refined to more effectively support our customers’ journeys in identity security. We are committed to using this launch as a learning phase, where every interaction will help to shape its future. 

Initial features and tools 
To begin, we have introduced several key features, such as the Customer Success Onboarding Guide and Success Planning Guide. These guides are designed to provide immediate support and guidance for all customers throughout their journey with SailPoint. 

Our onboarding guide includes interactive tours of our digital communities, strategic resources designed to help customers craft their identity security program strategy, and the ability to engage our Customer Success team for personalized onboarding sessions. By facilitating smoother onboarding and continuous learning, the Customer Success Center enables customers to quickly adapt and excel in their identity security initiatives. 

The Success Planning Guide invites customers to collaborate with our Customer Success team to create tailored, actionable success plans focused on achieving their strategic goals and program milestones. 

Join us on this journey 
As we look to the future, our commitment to digital customer success remains unwavering. We plan to continuously enhance the Customer Success Center with even more advanced tools and resources, ensuring it evolves to meet the changing needs of our customers and the dynamics of the market. 

The Customer Success Center is more than just a resource; it is a partnership. We encourage you to engage with the Center, explore its initial offerings, and actively contribute to its growth. Your feedback will be instrumental in shaping a center that truly supports your needs and enhances your experience with SailPoint. 

Together, let’s redefine what customer success looks like in the digital landscape. 

The post SailPoint’s new Customer Success Center: A look inside  appeared first on SailPoint.

At SailPoint we believe every team—from account teams to product management, to engineering to post-sale support and customer success—must work together to ensure every single customer achieves its objectives and realizes value faster. 

But we don’t stop there. We asked SailPoint customers what they believe makes a great partner and trusted advisor. Here is a summary of what we heard:

Enterprises often rely on experts who can adapt quickly to the complex and ever-evolving enterprise environment. This is where technology partners come in. A great partner will listen attentively to understand your specific enterprise needs before proposing alternative solutions. And, perhaps most importantly, all of the customers agreed technology partners need to deliver a robust technology solution that drives efficiencies, flexibility, and scalability.

Watch the full video to hear why enterprises chose SailPoint.

The post Voices of experience: choosing the right technology partner for modern enterprise  appeared first on SailPoint.

At the same time, auditing and compliance processes have become more and more resource-intensive, burdening IT departments and keeping them from strategic initiatives as they’re overwhelmed with repetitive tasks and operations.

SailPoint customers share the security challenges they have faced that move identity security to the top of their long list of priorities. Watch the video below to hear from our customers first-hand why establishing a unified, robust identity security program matters.

The post Voices of experience: Navigating the complexities of identity security appeared first on SailPoint.

We agree that there’s no better source than to hear real-world examples from your peers, so we asked customers what impact they see from partnering with SailPoint and what they have been able to achieve with identity security.

IT leaders across multiple industries shared the benefits they’ve gained from deploying SailPoint solutions, such as:

• Operational transformation and cost savings: Automation shifts operations from manual, time-consuming processes to streamlined workflows, reducing operational costs and providing a significant return on investment. Onboarding and offboarding tasks that used to take days are now a matter of hours or even minutes. 

• Better insights and informed decision-making: SailPoint offers businesses a comprehensive understanding of who operates within the organization and what are they doing. This heightened visibility not only strengthens security measures but also enables informed decisions at all levels.

• Strategic focus and integration: By taking care of the platform management, user experience and automation, SailPoint helps IT to move away from routine tasks and customization towards more valuable projects and strategic initiatives. Integration with other applications enhances the platform’s flexibility, fostering a unified approach to identity security.

But don’t take our word for it. Watch the video to hear more directly from our customers.

The post Voices of experience: real-world examples of why investing in identity security pays off appeared first on SailPoint.

I have a fervent belief that in the software business, customers choose SailPoint as a vendor based on the value we create, the efficiency we identify and the speed of execution we add to our customers’ value chain (I’ll leave that for a later blog post!). However, a major factor in why customers choose to STAY with us is because of the resources we bring to our partnership, especially as it relates to thought leadership and a culture of execution. Let’s take a moment to delve into the many resources available in SailPoint’s customer success organization that drive our customers towards better business outcomes and differentiate us from the other guys.

First, we’ve got over 500 customer success professionals who are fully dedicated to maximizing the return on investment of our customers. SailPoint’s customer success teams orient around your goals. It’s your journey and our expertise working in concert every step of the way.

Our SailPoint communities are ROBUST and unmatched in the space. The Compass Community has more than 100,000 registered members who participate in discussion forums, virtual user groups, live-webinars, events and engage with global product support. If you are more technically inclined, we have a Developer Community with over 7,000 registered developers who collaborate on tools, APIs, create and build guides. Need a more personal touch? Join one of our live events or attend one of the many Developer Days hosted each year.

In essence, SailPoint is more than just a provider of identity security solutions; we’re your strategic partner in the ongoing battle to protect your organization’s most valuable assets. By leveraging our expertise, guidance, and support through SailPoint customer success initiatives and communities, we help you navigate the complexities of identity security with confidence, knowing that you have a dedicated team of experts by your side. Experts with PROVEN EXPERIENCE to get the job done right. Together, we look forward to a future where your identities are secure, your data is protected, and your organization is empowered to thrive in the digital age.

Our Customer Success Community is just different. We specialize in:

Driving measurable outcomes: SailPoint is not just about implementing security measures; we’re focused on delivering tangible results for our customers. Our customer success teams work diligently to define key performance indicators and metrics that align with your business objectives. By tracking and analyzing these metrics, SailPoint ensures that your identity security initiatives deliver measurable outcomes, such as reduced risk exposure, improved compliance, and increased operational efficiency. With SailPoint, you can quantify the impact of your security investments and demonstrate tangible value to stakeholders across your organization.

Digital customer success processes: SailPoint leverages cutting-edge digital customer success processes to ensure that customers are oriented toward success from the outset. Through personalized onboarding experiences, interactive self-service portals, and proactive communication channels, SailPoint’s digital customer success initiatives provide customers with the tools and resources they need to hit the ground running. By embracing digital technologies, SailPoint creates seamless and intuitive experiences that empower customers to maximize the value of their identity security solutions, driving success at every stage of the journey. Focusing on digital interaction from the outset of our relationship ensures that we’re delivering best-in-class service which is consistent to EVERY customer. Moving forward, we intend to continue to make this a key area to drive seamless partnership.

Tailored solutions, tailored to you: SailPoint understands that every organization is unique, with its own distinct set of challenges and requirements. That’s why our customer success teams are dedicated to crafting solutions that are perfectly tailored to fit your specific needs. By working closely with you to understand your business objectives, SailPoint ensures that every aspect of your identity security strategy is aligned with your goals, seamlessly integrating into your existing workflows while providing maximum protection.

Empowerment through education: SailPoint is committed to ensuring that your team is well-equipped to play their part. Through comprehensive training programs and resources, our customer success teams empower your employees with the knowledge and skills they need to become proactive defenders of your identities. From best practices to hands-on training sessions, SailPoint’s educational resources, like Identity University, empower your team to recognize and respond to threats effectively, strengthening your overall security posture.

Support every step of the way: Implementing identity security solutions can be complex, but with SailPoint’s customer success teams by your side, you’re never alone. From initial deployment to ongoing maintenance, we provide hands-on support and guidance every step of the way. Whether you’re configuring systems, troubleshooting issues, or fine-tuning your security policies, SailPoint experts are there to ensure a smooth and successful implementation, helping you navigate any challenges that may arise with confidence.

Continuous improvement, continuous protection: Security is not a one-and-done endeavor; it requires constant vigilance and adaptation. SailPoint understands this implicitly and is committed to your long-term success. Through proactive monitoring and analysis, our customer success teams are focused on ensuring that we’re continually bringing you best practices and guidance that are relevant to your business.

A partnership built on trust: At the core of SailPoint’s customer success philosophy is a commitment to building strong, collaborative partnerships with our customers. We’re not just vendors; we’re trusted advisors, invested in your success every step of the way. By fostering open communication, transparency, and mutual respect, SailPoint’s customer success teams ensure that you have the support and guidance you need to tackle even the most formidable security challenges with confidence.

We’re not an up-and-comer type of organization. We’re firmly the established leader in the space and intend to stay on the mountaintop. Our customer success professionals look forward to helping you solve your goals.

See what SailPoint can do for your organization. Request a demo today. We look forward to working with you!

The post What makes SailPoint different? Our relentless pursuit of customer success appeared first on SailPoint.

Identity security is a critical part of the dynamic digital landscape and is essential for risk mitigation, compliance, and operational efficiency. It’s an enabling technology that provides greater security for organizational resources and a foundation for greater agility and ability to react to future business needs.

Yet, as powerful as identity security can be, our recent Horizons of Identity report, surveying 375 identity security decision-makers revealed a number of challenges, including:

• Security professionals are struggling to communicate the business value of identity
• Most companies are at ground level, 4 in 10 companies are in the early stages of their identity security journey
• Even mature companies cover less than 70% of the identities in their organization

A result is that many IT leaders struggle to overcome roadblocks in their identity security journey, such as budget constraints, limited sponsorship focus, access to technical talent, and a lack of consideration of organizational changes on access models.

In short, identity security is critical for an organization’s long-term growth and agility, but many organizations have roadblocks limiting its effective implementation.

Luckily, SailPoint customers and some of the world’s most complex organizations are leading the way in showing how identity security can become an effective solution for both business and IT. During Navigate 2023, security leaders from Best Buy, Cognizant, and ExxonMobil shared their first-hand experience and on-the-ground tips for overcoming roadblocks and building a solid business case for identity security.

How to identify the right priorities and keep stakeholders involved
A critical mistake some organizations make regarding identity security is looking for a simple solution to a complex problem. In reality, an effective and strategic solution to identity security is rarely straightforward.

To get some perspective on how leading organizations are solving complex identity security challenges, we asked Greg Handrick, Engineering Director, Identity & Access Management at Best Buy and Gary Remy, Senior Director, Global Head of Identity & Access Management at Cognizant for insights into how they’ve successfully secured the proper priority for identity security and gained the involvement of key business stakeholders.

Handrick’s team further found that it was essential to make sure stakeholder efforts were balanced, and that it was necessary to bring everyone to the table. “We have a steering committee where we bring those stakeholders together on an easy six-week cadence for an hour. It enables everyone to discuss any problems and challenges as well as our current goals and allows us to define our priorities,” said Handrick.

For Gary Remy and Cognizant, an essential part of their approach with stakeholders is recognizing that each one has different objectives and drivers. “Since no two stakeholders are alike, we’re always looking at exactly what they’re trying to achieve and how we can help them through identity security. It helps anchor us back to the challenge we’re trying to solve and the outcomes we focus on.”

Cognizant has multiple ways of engaging with stakeholders. “We’ve started taking a high-touch, high-engagement approach to everything we do,” said Remy. “We have an IAM road show that goes out to different senior-level leadership groups across the firm and a technical working group that can get more hands-on. We also engage with our Strategic Risk Committee and Executive Oversight Committee.” All that work pays off.

The end effect of all that engagement for Cognizant, and having their stakeholders engaged and having a seat at the table, is an identity security journey that’s more collaborative and more unified in its approach.  

Top things to do and pitfalls to avoid
Identity security can be a complex problem for organizations to solve. But to gather consensus with stakeholders, IT leaders often need to present simpler solutions to help get them on board. In reality, identity security is an ongoing journey that the best companies will continue to refine as they go.

To learn how leading companies have cracked the code and implemented a robust and ongoing identity security program, we asked Larry Klein, Manager, Identity Governance and Administration at ExxonMobil, and Greg Handrick from Best Buy to share their top tips and pitfalls to avoid.

“My first suggestion for organizations is to focus on process simplification and harmonization,” said Klein. “It’s not just taking great technology and implementing it; you have to focus on redoing complex processes that are causing support nightmares.”

For ExxonMobil, the identity security program has given Klein’s team the authority to challenge any process and identify new, more efficient ways to design them. Occasionally, changing some processes may result in too much risk, so those are left as is. Otherwise, Klein’s team is able to streamline and simplify processes as they deploy identity security.

From Handrick’s perspective at Best Buy, the first tip for success is understanding the environment—the technology, the stakeholders, the business objectives, and how things might evolve. His second tip is to tailor your identity security message for your audience—recognize that how you discuss with the CFO will differ from how you discuss it with someone in marketing.

“My third top tip is to always deliver on the basics,” said Handrick. “Nobody will want to talk strategy with you if you can’t deliver the ability to create an account accurately and timely every time.”

Organizations are also advised to focus on change management for success. “We’re on a multi-year journey to replace over 20 different in-house custom-built apps while redesigning over 50 processes, so it’s going to take time,” said ExxonMobil’s Klein. “You have to plan for evolution and having multiple rollouts, multiple changes, and have a good change management plan, along with empathy for your business units.”

Klein also points out the value of having a people strategy. How are you going to staff the project? Are you using internal employees, external vendors, or partners? And what type of training is needed, and how will the vendors know about company culture?

“The key is to have all that laid out ahead of time as well as a people development strategy that allows for people to leave and join the project and company in ways that don’t impact the transformation.”

Insights into how identity security enables the business
Ultimately, all the questions about the value of implementing identity security come down to its impact on the business. To gain perspective on that issue, Gary Remy from Cognizant and Larry Klein from ExxonMobil shared their perspectives on the business impact of their identity security programs.

“We’re definitely getting good feedback and support from our C-suite,” said Remy. “It lets us shift from a tool-centric approach to a more outcomes-based approach, so we’re talking more about why we’re doing it and the business purpose.”

Just as important, Cognizant’s identity security program is gaining internal visibility so that everything from the company’s development practice to its client audit team is reaching back to the internal IAM team for subject matter expertise and getting them involved with clients on various identity topics.

For Klein and ExxonMobil, central administration is crucial to senior leadership. “The concept of one team handling all the practices and policies certified by risk management instead of every team trying to figure it out, or not doing it, is huge,” said Klein. A second significant value is auto-assigned access.

How to overcome the knowledge gap
An essential step in achieving identity security success for any company is overcoming the knowledge gap between the IT department and various stakeholders, especially when everyone has expertise in different areas.

“Not everyone you talk to is going to understand identity security the way we do,” said Best Buy’s Handrick. “That’s why I follow Steven Covey’s advice to seek first to understand and then to be understood. It’s valuable to talk to the stakeholders—figure out their goals, challenges, business drivers, and pains so it can inform what you do.”

Another tip is tailoring your message. “We have all these different engagement channels, and we’re constantly communicating to different stakeholders in a myriad of ways, whether it’s the value that the solution will bring to them or an explanation of why we have to put some level of control in place,” said Cognizant’s Remy. “Overall, you want to simplify and standardize the message to what the audience can understand.”

Unblocking identity security
Successful identity security projects require attention to detail, good communication skills, and the right technologies. However, by following best practices and learning from leading companies that have already succeeded in deploying identity security, organizations of any size can increase their security while building an agile, unified identity platform that supports future growth.

Watch the Navigate 2023 customer panel that featured Best Buy, Cognizant, and ExxonMobil.

The post Best Buy, Cognizant, and ExxonMobil talk all things identity security appeared first on SailPoint.

How are businesses currently thinking about identity security?
For some organizations, identity security has moved from a behind-the-scenes enabling infrastructure technology to a customer-facing capability that adds value for customers and enables new business processes.

Since identity security often touches almost all points of an organization’s IT environment, an identity security project can have significant ramifications. Such ramifications need to be justified to senior business leaders and stakeholders.

A good example is customer software giant Salesforce. “At Salesforce, trust is our number one value,” said Lori Robinson. “So, I’ve been able to capitalize on that by coupling it with identity attacks, one of the biggest threat vectors for companies like ours. Our executive leadership is aware of that, so identity initiatives at Salesforce have a high priority on our corporate objectives.”

When necessary, Robinson makes sure to reinforce the message that identity is essential internally. “We still get a lot of pushback since people have other priorities,” Robinson said. “So, we have to do a lot of education and training on how it can be a security risk, but we always get there.”

For Cody Warhurst from Keurig Dr Pepper, selling internal stakeholders on identity security often focuses on effectiveness and efficiency.

“When users don’t have the right access, it can impact our ability to use people and resources effectively,” said Warhurst. In addition, Warhurst notes the importance of identity security to compliance, including the recertification of access privileges and the impact on the organization when access is improperly denied.

What business priorities are driving identity security?
No business wants to find out they failed an audit or have to discuss audit failures with their board of directors. In fact, compliance is one reason many organizations initially invest in identity security. These days, companies have a much better understanding of the impact of poor identity management. Specifically, its impact on productivity and how identity security can enable people to get their work done efficiently. For Keurig Dr Pepper, the focus on efficiency is a critical driver for continued investments in identity security.

For Keurig Dr Pepper, the focus on efficiency is a critical driver for continued investments in identity security. “People are getting smarter about the possibilities of how identity security can drive enablement,” Warhurst said. “They want more efficiency in their processes for sure.”

A key driver of identity security for Salesforce comes down to three words: enabling secure access. “I always say that every one of those words is really important, and we do have to enable the business and do it securely,” Robinson said. “Sometimes companies over-focus on compliance since people can relate to it, but I believe when you’re designing for compliance, you’re not designing the right way. Instead, you need to design to enable the business while protecting it.”

Next steps with identity security
Many organizations used to think of identity security as a project. But as the world gets more complex and risks increase in frequency and potential harm, it’s more apparent than ever that identity security is an ongoing program, not a one-time project. It’s a long game with lots of milestones along the way.

Companies like Salesforce that have the essential identity security basics covered are moving in more advanced directions, including leveraging new capabilities made available by artificial intelligence (AI) and machine learning (ML).

“We’re injecting AI and ML into everything we’re doing, starting with experiences,” Robinson said. “For example, how do we simplify the onboarding process for administrators to our services and make it more self-service while improving the user experience?”

Salesforce also continues to focus on zero trust and verifying all traffic and all identities, including nonhuman ones such as service accounts or machines. “Ensuring that we have strong authentication and fishing resistance is big,” Robinson adds. “But we’re also focusing on how we can corral threat actors if they breach our environment, continuously monitoring and adapting to signals from different things happening in our environment and responding to in the identity environment.”

As Keurig Dr Pepper continues its move to the cloud, the company is streamlining processes and ensuring its employees have the proper access at the right time for optimal efficiency. “We’re excited about the things that cloud enables us to do, such as scale and move fast enough to match our business needs,” said Warhurst. “To do that, we’re embracing security by design as a company, and identity security is a central part of that.”

Tips for identity security success
When it comes to identity security, each organization has particular needs. It can be a complex challenge to figure out the optimal way to use identity security within your organization, so it’s helpful to have tips from experts who have gone first.

For Robinson at Salesforce, an essential learning in effectively deploying identity security relates to controlling the process for the right reasons.

“You’ve got to have a vision and strategy for where you want to take IGA and find ways to bring the business along with you and force them to use your patterns,” said Robinson.

In addition, Robinson suggests that organizations focus on data. “Data matters,” Robinson said. “Many organizations have multiple identity systems in their environment and don’t have a clean data layer. So, if you’re just starting, think about the data layer. It’s important to everything else you do.”

From Warhurst’s perspective at Keurig Dr Pepper, a crucial step for a successful identity security program is to embrace, really embrace, your users.

“Find out what the user’s experience is like. Develop empathy for the user. Talk to the user,” said Warhurst. “Embracing your customers and finding out what they’re facing as they interact with applications will help a technology-focused team design more effective solutions for real-world situations.”

Driving business value
Companies such as Keurig Dr Pepper and Salesforce are leading the way in showing how identity security technologies not only fulfill crucial security requirements but are also enabling business growth and future agility. From helping employees get their work done more effectively to enabling secure remote access to enabling trust, identity security is the technology engine that’s driving future business value.

Watch the Navigate 2023 customer panel that featured Salesforce and Keurig Dr Pepper.

The post Keurig Dr Pepper and Salesforce discuss transforming their businesses with identity security appeared first on SailPoint.