ORLANDO -- One of the major product announcements during this week’s Navigate user conference was SailPoint’s Privilege Task Automation (PTA), a workflow-based security solution that automates privileged access management (PAM) tasks. This makes PAM easier to deploy while removing the need for direct human interaction with command lines. We spoke with SailPoint President Matt Mills about the future of this technology while at the Orlando conference.
Can you explain SailPoint's approach to privileged access management?
Mills: When we think of privilege, it's "deep but narrow." At SailPoint, we've been doing some semblance of privilege in our day-to-day governing of identities. While we don't do vaulting per se (though we do have a password product), and we don't do monitoring or secrets, privilege is really at the core of our Identity Governance and Administration (IGA).
How is SailPoint approaching the unified management of both human and non-human privileged accounts?
Mills: We believe AI must be ubiquitous in the product—it can't be hit and miss or something you have to turn on. When we think about convergence, we believe in it at another level. We see a convergence of outcomes, where how we solve problems tomorrow will be different than how we solved them last year.
Our intent was never to build another privileged access management tool. Instead, our view was to take highly differentiated things and look ahead to how things might be in the next two to three years. This manifests in our next-generation Identity Security solution, which addresses significant privilege problems while making deployment easier.
How are AI and workflow automation shaping the future of privileged access?
Mills: Looking ahead, AI will take on a bigger role, but there are challenges around audit requirements. The audit side wants assurances that decisions are transparent and consistent, especially with large language models. They want to understand how decisions are being made and where the data comes from.
While some of this is happening now, companies are cautious about getting too far ahead of market readiness. You don't want to spend a huge R&D budget to deliver something before buying habits are established. We might have some evangelical buyers, but it's probably not ready for primetime yet. That said, we're approaching solutions to these problems.
How does SailPoint’s existing infrastructure enhance PTA's capabilities?
Mills: Some of that is in process—we're keenly aware of it. When we think of privilege, we believe we're able to deliver PTA in a much more expedited fashion because of the underpinnings and fine granularity that we're able to get in our provisioning. What we've already got in the product gives us the ability to do some things that maybe others can't.
We've got work to do on the security angle - and when I say security, I'm talking about making sure we're building this in a way that we get that level of transparency and granularity that our customers need and want.
Where do you see identity security having the greatest impact in the next few years?
Mills: Today we talk about convergence horizontally, but there's another level of convergence vertically. We've been taught that if you can secure the firewall—the outside-in approach—and nobody can get in, then you're safe. But we know now that's not the case. Even with sophisticated solutions using AI and predictive capabilities, 90% of breaches in corporate America are coming from inside out.
With our Atlas platform, unified data model, and our new Identity Graph, we can start doing some really cool things by ingesting large sums of data to build that next level of insight and be more predictive. Time is so important — in most companies today, the identity people sit in one place and the security people sit in another. Being able to pull that data together to not only identify but remediate in near real-time is significant for minimizing the blast radius of potential breaches.