The Right Way to Implement Risk Management: Mapping Compliance to Security Practices

Does addressing risk-based security decisions for your organization mean that you are also compliant in the eyes of the auditors? This is a general question Ericka Chickowski addresses in her recent article for Dark Reading – “Mapping Compliance Proof To Risk-Based Controls.” It is a compelling article that addresses a debate our industry has faced [...]

How Providence Health Built Its Next Generation IAM

If your hospital emergency room is in beautiful downtown Burbank, California, chances are you are going to have some pretty well-known people walk in from the various movie and TV studios that populate the town. And, if you are the System Director of Enterprise Security for the company that owns that hospital, you have a [...]

Building a Business Case for Governance-based Identity Management

As 2011 comes to a close, it’s time once again to plan for future IdM requirements and define budget needs for 2012. Based on today’s business drivers – from security and risk management, to increasing compliance requirements, to the need to streamline delivery of access to users across the business – many organizations are placing [...]

FTC Fines Ceridian and Lookout Services for Inadequate Controls

Last week, the FTC announced that both Ceridian Corporation and Lookout Services, Inc. have agreed to settlements related to security breaches that occurred in 2009. In Ceridian’s case, the breach exposed the Social Security numbers and direct deposit information of roughly 28,000 individuals; the Lookout breach exposed the Social Security numbers of approximately 37,000 consumers. [...]

What’s the Most Direct Path to Good Corporate Governance?

Last week’s oil spill has me thinking about how – and when – government regulation is the ideal path to mandate corporate governance. Specifically in the IdM space, I’ve watched government regulations evolve to address transparency, privacy and consumer data protection. As I look back at what’s happened, it’s apparent that most of these data [...]

Report: Compliance Drives Security Budgets

I read a very interesting Forrester report last week commissioned by Microsoft and RSA. It was based on a survey of 305 IT security decision makers and assesses data security practices at enterprises around the world. A key takeaway from the report is the fact that compliance, not security, drives security budgets. I don’t think [...]

SailPoint Unveils a New Approach to Provisioning

This morning, we announced a next generation provisioning product that builds on the governance framework provided by our core product, IdentityIQ. The announcement is a culmination of almost two years’ work internally at SailPoint, and we believe it represents an evolutionary shift in the provisioning market that will benefit any company that is struggling to [...]

Feet on the Street: RSA Highlights Cloud and Cybersecurity

This week, several members of the SailPoint team made the annual trek to the industry’s biggest security event, the RSA Conference. As always, the conference was a high-paced mix of conference sessions, technology debates, and meetings with customers and partners. I’m always interested in what themes get the most play at RSA. This year, I’d [...]

Achieving Auditable Compliance with NERC CIP Reliability Standards

Beginning in 2010, energy producers and distributors face a looming challenge – to become “auditably compliant” with the Critical Infrastructure Protection (CIP) standards by the July 1, 2010 deadline. Developed by NERC, an independent, not-for-profit organization whose mission is to ensure the reliability of the bulk power system in North America, and given the force [...]

Market Pulse Survey: Divide Between Business and IT Persists

We recently conducted our third Market Pulse Survey, which focused on the key drivers of access certifications and how organizations ensure their access privileges align with business policy. According to the 150 respondents, including many readers of this blog, there is clear evidence business users involved in these processes don’t fully understand what they are [...]