Transcript
of a BriefingsDirect podcast on the basic tenets of identity and access
management in a rapidly changing and growing IT world.
Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: SailPoint Technologies.
Dana Gardner: Hi, this is
Dana Gardner, Principal Analyst at
Interarbor Solutions and you're listening to
BriefingsDirect.
Today, we present a sponsored podcast discussion on learning new best
practices for managing the rapidly changing needs around
identity and access management (IAM).
Any
modern business has been dealing with IAM from day one. But now, with more
critical elements of business extending beyond the enterprise, access control complexity has been ramping up due to
cloud,
mobile,
bring your own device (BYOD), and
hybrid computing. And greater complexity forms a major deterrent to secure, governed, and managed control over who and what
can access your data and services -- and under what circumstances.
So
while cloud gets a lot of attention, those of us working with
enterprises daily know that the vast majority of businesses are, and
will remain, IT hybrids, a changing mixture of
software as a service (SaaS), cloud, mobile, managed hosting models, and of course, on-premises IT systems.
We're
here with a Chief Technology Officer for a top IAM technology
provider to gain a deeper understanding of the various ways to best
deploy and control access management in this ongoing age of hybrid
business.
Here to explore five critical tenets of best
managing the rapidly changing needs around identity and access
management is our guest,
Darran Rolls, Chief Technology Officer at SailPoint Technologies in Austin, Texas. Welcome, Darran.
Darran Rolls: Thank you.
Gardner:
Darran, changes in IT are forcing a rethinking of
deployment models and in user behaviors. Therefore governance of
these critical business processes needs to adjust. But let’s just focus
on what does not change, despite this hybrid environment we now find
ourselves in. There must be
some basic, bedrock principles that we can look to that will guide us as
we're trying to better manage access and identity.
Rolls:
Absolutely, there are, and I think that will be a consistent topic of
our conversation today. It's something that we like to think of as the
core tenets of IAM. As you very eloquently pointed out in your
introduction, this isn't anything new. We've been struggling with
managing identity and security for some time. The changing IT
environment is introducing new challenges, but the underlying principles
of what we're trying to achieve have remained the same.
The idea of
holistic management for identity is key.
There's no question about that, and something that we'll come back to is
this idea of the weakest link -- a very commonly understood security
principle. As our environment expands with cloud, mobile, on-prem, and
managed hosting, the idea of a weak point in any part of that environment
is obviously a strategic flaw.
As we like to say at
SailPoint, it’s an
anywhere identify principle. That means all people --
employees, contractors, partners, customers, basically from any device,
whether you’re on a desktop, cloud, or mobile to anywhere. That includes
on-prem enterprise apps, SaaS apps, and mobile. It’s certainly our
belief that for any IAM technology to be truly effective, it has to span
all for all -- all access, all accounts, and all users; wherever they
live in that hybrid runtime.
Gardner: So we're in an environment now where we have to maintain those bedrock principles for true enterprise-caliber
governance,
security,
and control, but we have a lot more moving parts. And we have a
cavalcade of additional things you need to support, which to me, almost
begs for those weak links to crop up.
So how do you combine the two? How do you justify and reconcile these two realities -- secure and complex?
Addressing the challenge
Rolls:
One way comes from how you address the problem and the challenge. Quite often, I'm asked if there's a compromise here. If I
move my IAM to the cloud, will I still be able to sustain my controls
and management and do risk mitigation, which is what we were trying to
get to.
My advice is if you're looking at an
identity-as-a-service (IDaaS)
solution that doesn’t operate in terms of sustainable controls and risk
mitigation, then stop, because controls and risk mitigation really are
the core tenets of identity management. It’s
really important to start a conversation around IDaaS by quite clearly
understanding what identity governance really is.
This
isn’t an occasional, office-use application.
This is critical security infrastructure. We very much have to remember
that identity sits at the center of that security-management lifecycle,
and at the center of the users’ experience. So it’s super important that
we get it right.
So in this respect, I like to think
that IDaaS is more of a deployment option than any form of a compromise.
There are a minimum set of table stakes that have to be in place. And,
whether you're choosing to deploy an IDaaS solution or an on-prem
offering, there should be no compromise in it.
We have
to respect the principles of global visibility and control, of
consistency, and of user experience. Those things remain true for cloud
and on-prem, so the song remains the same, so to speak. The IT
environment has changed, and the IAM solutions are changing, but the
principles remain the same.
Gardner: I was
speaking with some folks leading up to the recent
Cloud Identity Summit, and more and more, people seem to be thinking that the
IAM is the true
extended enterprise management. It's more than just the identity in access,
but across services and so essential for extended enterprise
processes.
Being more inclusive means that you need to have the best of all
worlds. You need to be able to be doing well on-premises as well as in
the cloud, and not either/or.
Also, to
your point, being more inclusive means that you need to have the best of
all worlds. You need to be able to be doing IAM well on-premises, as well as
in the cloud -- and not either/or.
Rolls: Most
of the organizations that I speak to these days are trying to manage a
balance between being enterprise-ready -- so supporting controls and
automation and access management for all applications, while being very
forward looking, so also deploying that solution from the cloud for cost and
agility reasons.
For these organizations, choosing
an IDaaS solution is not a compromise in risk mitigation, it’s a conscious
direction toward a more off-the-shelf approach to managing identity.
Look, everyone has to address security and user access controls, and
making a choice to do that as a service can’t compromise your position
on controls and risk mitigation.
Gardner: I
suppose the risk of going hybrid is that if you have somewhat of a distributed approach
to your IAM capabilities, you'll lose that all-important single view of management. I'd like to hear more, as we get into these
tenets, of how you can maintain that common control.
You have put in some serious thought into
making a logical set of five tenets that help people understand and deal
with these changeable markets. So let’s start going through those. Tell
me about the first tenet, and then we can dive in and maybe even hear
an example of where someone has done this right.
Focusing on identity
Rolls:
Obviously it would be easy to draw 10 or 20, but we like to try and
compress it. So there's probably always the potential for more. I
wouldn’t necessarily say these are in any specific order, but the first
one is the idea of
focusing on the identity and not the account.
This
one is pretty simple. Identities are people, not accounts in an on-line
system. And something we learned early in the evolution of IAM was that
in order to gain control, you have to understand the relationships
between people -- identities, and their accounts, and between those
accounts and the entitlements and data they give access, too.
So
this tenet really sits at the heart of the IAM value proposition -- it's
all about understanding who has access to what, and what it really
means to have that access. By focusing on the identity -- and capturing all
of the relationships it has to accounts, to systems, and to data -- that helps
map out the user security landscape and get a complete picture of how
things are configured.
Gardner: If I understand
this correctly, all of us now have multiple accounts. Some of them
overlap. Some of them are private. Some of them are more business-centric. As we get into the
Internet of Things, we're going to have another end-point tier associated with a user, or an identity, and that might be
sensors or machines. So it’s important to maintain the identity focus,
rather than the account focus. Did I get that right?
Rolls:
We see this today in classic on-prem infrastructure with system-shared
and -privileged accounts. They are accounts that are operated by the
system and not necessarily by an individual. What we advocate here, and
what leads into the second tenet as well, is this idea of visibility. You
have to have ownership and responsibility. You assign and align the
system and functional accounts with people that can have responsibility.
The consequences of not understanding and accurately managing those
identity and account relationships can be pretty significant.
In
the Internet of Things, I would by no means say that it's nothing new,
because if nothing else, it's potentially a new order of scale. But it's
functionally the same thing: Understanding the relationships.
For example, I want to tie my
Nest
account back to myself or to some other individual, and I want to
understand what it means to have that ownership. It really is just more
of the same, and those principles that we have learned in enterprise IAM
are going to play out big time when everything has an identity in the Internet of Things.
Gardner: Any
quick examples of tenet one, where we can identify that we're having
that focus on the user, rather than the account, and it has benefited them?
Rolls:
For sure. The consequences of not understanding and accurately managing
those identity and account relationships can be pretty significant.
Unused and untracked accounts, something that we commonly refer to in
the industry as "orphan accounts," often lead to security breaches.
That’s why, if you look at the average identity audit practice, it’s
very focused on controls for those orphan accounts.
We
also know for a fact, based on network forensic analysis that happens
post-breach, that in many of the high-profile, large-scale security
breaches that we've seen over the last two to five years, the back door
is left open by an account that nobody owns or manages. It’s just there.
And if you go over to the dark side and look at how the bad guys
construct vulnerabilities, first things they look for are these
unmanaged accounts.
So it’s low-hanging fruit for IAM to better manage these accounts because the consequences can be fairly significant.
Tenet two
Gardner: Okay, tenet two. What’s next on your priority list?
Rolls: The next is two-fold.
Visibility is king, and silos are bad. This is really two thoughts that are closely related.
The
first part is the idea that
visibility is king, and this comes from the
realization that you have to be able to capture, model, and visualize
identity data before you have any chance of managing it. It’s like the
old saying that you can’t manage what you can’t measure.
It’s
same thing for identity. You can’t manage the access and security you
don’t see, and what you don’t see is often what bites you. So this tenet
is the idea that your IAM system absolutely must support this idea of
rapid, read-only aggregation of account and entitlement information as a
first step, so you can understanding the landscape.
The
second part is around the idea that
silos of identity management can be
really, really bad. A silo here is a standalone IAM application or what
one might think of as a domain-specific IAM solution. These are things
like an IDaaS offering that only does cloud apps or an
Active Directory-only
management solution, basically any IAM tool that creates a silo of
process and data. This isolation goes against the idea of visibility and
control that we just covered in the first tenant.
In education, we say "no child left behind." In identity, we say “no account left behind, and no system left behind.”
You
can’t see the data if its hidden in a siloed system. It’s isolated and
doesn't give you the global view you need to manage all identity for all
users. As a vendor, we see some real-world examples of this. SailPoint
just replaced a legacy-provisioning solution at a large US based bank,
for example, because the old system was only touching 12 of their core systems.
The legacy IAM system the bank had was a silo managing just the
Unix
farm. It wasn't integrated and its data and use case wasn’t shared. The
customer needed a single place for their users to go to get access, and
a single point of password control for their on-prem Unix farm, and for
their cloud-based, front-end application. So today
SailPoint’s IdentityNow provides that single view for them, and things are working
much better.
Gardner: It also reminds me
that we need to be conscious of supporting the legacy in the
older systems, recognizing that they weren't designed necessarily for
the reality we're in now. We also need to be flexible in the sense
of being future-proof. So it's having visibility across your models that are
shifting in terms of hybrid and cloud, but also visibility across the
other application sets and platforms that were never created with this
mixture of models that we are now supporting.
Rolls:
Exactly right. In education, we say "no child left behind." In
identity, we say “no account left behind, and no system left behind.” We
also shouldn’t forget there is a cost associated with maintaining those
siloed IAM tools, too. If the system only supports cloud, or only
supports on-prem, or managing identity for mobile, SaaS, or just one
area of the enterprise -- there’s cost. There's a real dollar cost for
buying and maintaining the software, and probably more importantly, a
soft cost in the end-user experience for the people that have to manage
across those silos. So these IAM silos are not only preventing
visibility and controls, but there is big cost here, a real dollar cost to
the business, as well.
Gardner: This gets
closer to the idea of a common comprehensive view of all the data
and all the different elements of what we are trying to manage. I think
that's also important.
Okay, number three. What are we
looking at for your next tenet, and what are the ways that we can
prevent any of that downside from it?
Complete lifecycle
Rolls: This tenet comes from the
school of identity hard knocks,
and is something I’ve learned from being in the IAM space for the past
20 or so years -- you have to
manage the complete lifecycle for both the
identity, and every account that the identity has access to.
Our
job in identity management, our “place” if you will in the security
ecosystem, is to provide cradle-to-grave management for corporate
account assets. It's our job to manage and govern the full lifecycle of
the identity -- a lifecycle that you’ll often hear referred to as JML,
meaning Joiners, Movers and Leavers.
As you might
expect, when gaps appear in that JML lifecycle, really bad things start
to happen. Users don’t get the system access they need to get their jobs
done, the wrong people get access to the wrong data and critical things
get left behind when people leave.
Maybe
the wrong people get access to the wrong data. They're in the
Move
phase. Then things get left behind when people leave. You have to track
the account through that JML lifecycle. I avoid using the term "cradle
to grave," but that’s really what it means.
That’s a very big issue for most companies that we talked to. It’s captured in that lifecycle.
In general, worker populations are becoming more transient and work groups more dynamic.
Gardner:
So it’s not just orphan accounts, but it’s inaccurate or outdated
accounts that don’t have the right and up-to-date information. Those can
become back doors. Those can become weak links.
It
appears to me, Darran, that there's another element here in how our
workplace is changing. We're seeing more and more of what they call "
contingent workforces," where people will come in as contractors or third-party suppliers for a brief period of time, do a job, and get out.
It’s
this lean, agile approach to business. This also requires a greater
degree of granularity and fine control. Do you have any thoughts about
how this new dynamic workforce is impacting this particular tenet?
Rolls:
It’s certainly increasing the pressure on IT to understand and manage
all of its population of users, whether they're short-term contractors
or long-term employees. If they have access to an asset that the
business owns, it’s the business's fiduciary duty to manage the
lifecycle for that worker.
In general, worker
populations are becoming more transient and work groups more dynamic.
Even if it’s not a new person joining the organization, we’re creating
and using more dynamic groups of people that need more dynamic systems
access.
It’s becoming increasingly important for
businesses today to be able to put together the access that people need
quickly when a new project starts and then accurately take it away when
the project finishes. And if we manage that dynamic access without a
high degree of assured governance, the wrong people get to the wrong stuff,
and valued things get left behind.
Old account
Quite
often, people ask me if it would really matter when the odd account
gets left behind, and my answer usually is: It certainly can. A textbook
example of this when a sales guy leaves his old company, goes to join a
competitor, and no one takes away his
salesforce.com
account. He's then spends the next six months dipping into his old
company’s contacts and leads because he still has access to the
application in the cloud.
This kind of stuff happens
all the time. In fact, we recently replaced another IDaaS provider at a
client on the West Coast, specifically because “the other vendor” -- who
shall remain nameless -- only did just-in-time
SAML
provisioning, with no leaver-based de-provisioning. So customers really
do understand this stuff and recognize the value. You have to support
the full lifecycle for identity or bad things happen for the customer
and the vendor.
Gardner: All right. We were
working our way through our tenets. We're now on number four. Is there a
logical segue between three and four? How does four fit in?
Rolls:
Number four, for me, is all about consistency. It talks to the fact
that we have to
think of identity management in terms of consistency for
all users, as we just said, from all devices and accessing all of our
applications.
Practically speaking, this means that whether you sit with your Windows desktop in the office, or you are working from an
Android tablet back at the house, or maybe on your
smartphone
in a Starbucks drive-through, you can always access the applications
that you need. And you can consistently and securely do something like a
password reset, or maybe complete a quarterly user access certification
task, before hitting the road back to the office.
It’s very easy to think of consistency as just being in the IAM UI or
just in the device display, but it really extends to the identity API as well.
Consistency here means that you get the same basic user experience, and I use the term user
experience
here very deliberately, and the same level of identity service,
wherever you are. It has become very, very important, particularly as we
have introduced a variety of incoming devices, that we keep our IAM
services consistent.
Gardner: It strikes me
that this consistency has to be implemented and enforced from the
back-end infrastructure, rather than the device, because the devices are
so changeable. We're even thinking about a whole new generation of
devices soon, and perhaps even more
biometrics, where the device becomes an entry point to services.
Tell
me a bit about the means by which consistency can take place. This
isn't something you build into the device necessarily.
Rolls:
Yes, that consistency has to be implemented in the underlying service,
as you’ve highlighted. It’s very easy to think of consistency as just
being in the IAM UI or just in the device display, but it really extends
to the identity
API
as well. A very good example to explore this concept of consistency of
the API, is to think like a corporate application developer and
consider how they look at consistency for IAM, too.
Assume
our corporate application developer is developing an app that needs to
carry out a password reset, or maybe it needs to do something with an
identity profile. Does that developer write a provisioning connector
themselves? Or should they implement a password reset in their own
custom code?
The answer is, no, they don’t roll their
own. Instead they should make use of the consistent API-level services
that the IAM platform provides -- they make calls to the IDaaS service. The IDaaS service is then responsible for doing the actual password
reset using consistent policies, consistent controls, and a consistent
level of business service. So, as I say, its about consistency for all
use cases, from all devices, accessing all applications.
Thinking about consistency
Gardner:
And even as we think about the back-end services support, that itself
also needs to extend to on-prem legacy, and also to cloud and SaaS. So
we're really thinking about consistency deep and wide.
Rolls:
Precisely, and if we don’t think about consistency for identity as a
services, we're never going to have control. And importantly, we're
never going to reduce the cost of managing all this stuff, and we're
never going to lower the true risk profile for the business.
Gardner:
We're coming up or our last tenet, number five. We haven't talked too much about the behavior, the
buy-in. You can lead a horse to water, but you can't make him drink.
This, of course, has an impact on how we enforce consistency across all
these devices, as well as the service model. So what do we need to do to
get user buy-in? How does number five affect that?
Rolls:
Number five, for me, is the idea that
the end-user experience for
identity is everything. Once upon a time, the only user for identity
management was IT itself and identity was an IT tool for IT
practitioners. It was mainly used by the
help desk
and by IT pros to automate identity and access controls. Fortunately,
things have changes a lot since then, both in the identity
infrastructure and, very importantly, in the end users’ expectations.
The expectation is to move the business user to self service for pretty
much everything, and that very much includes Identity Management as a
Service as well.
Today, IAM really sits front and center for the business users IT experience. When we think of something like
single sign-on (SSO),
it literally is the front door to the applications and the services
that the business is running. When a line-of-business person sits down
at an application, they're just expecting seamless access via secured
single sing-on. The expectation is that they can just quickly and easily
get access to the things they need to get their job done.
They
also expect identity-management services, like password management,
access request, and provisioning to be integrated, intuitive, and easy
to use. So the way these identity services are delivered in the user
experience is very important.
Pretty much everything is
self-service these days. The expectation is to move the business user
to self-service for pretty much everything, and that very much includes
Identity Management as a Service (IDaaS) as well. So the UI just has to be done
right and the overall users’ experience has to be consistent, seamless,
intuitive, and just easy to deal with. That’s how we get buy-in for
identity today, by making the identity management services themselves
easy to use, intuitive, and accessible to all.
Gardner:
And isn’t this the same as saying making the governance infrastructure
invisible to the end user? In order to do that, you need to extend
across all the devices, all the deployment models, and the APIs, as well
as the legacy systems. Do you agree that we're talking about making it
invisible, but we can’t do that unless you're following the previous
four tenets?
Rolls: Exactly. There's been a lot
of industry conversation around this idea of identity being part of the
application and the users’ flow, and that’s very true. Some large
enterprises do have their own user-access portals, specific places that
you go to carry out identity-related activities, so we need integration
there. On the other hand, if I'm sitting here talking to you and I want
to reset my Active Directory password, I just want to pick up my iPhone
and do it right there, and that means secure identity API’s.
We
talked a good amount about the business user experience. It is very
important to realize that it’s not just about the end-user and the UI.
It also affects how the IDaaS service itself is configured, deployed,
and managed over time. This means the user experience for the system
owner, be that someone in IT or in the line of business -- it doesn’t
really matter who -- has to be consistent and easy to use and has to
lead to easier configuration, faster deployment, and faster time-to-value. We do that by making sure that the administration interface and
the API’s that support it are consistent and generally well thought out,
too.
Intersect between tenets
Gardner:
I can tell, Darran, that you've put an awful lot of thought into these
tenets. You've created them with some order, even though they're equally
important. This must be also part of how you set about your
requirements for your own products at SailPoint.
Tell
me about the intersect between these tenets, the marketplace, and what
SailPoint is bringing in order to ameliorate the issues that the problem
side of these tenets identify, but also the solution side, in terms of
how to do things well.
Rolls: You would expect
every business to say these words, but they have great meaning for us.
We're very, very customer focused at SailPoint. We're very engaged with
our customers and our prospects. We're continually listening to the
market and to what the buying customer wants. That’s the outside-in part
of the of the product requirements story, basically building solutions
to real customer problems.
Internally, we have a long
history in identity management at SailPoint. That shows itself in how we
construct the products and how we think about the architecture and the
integration between pieces of the product. That’s the inside-out part of
the product requirements process, building innovative products that
solutions that work well over time.
As SailPoint has strategically moved into the IDaaS space, we’ve brought
with us a level of trust, a breadth of experience, and a depth of IAM
knowledge.
So I guess that all really comes down
to good internal product management practices. Our product team has
worked together for a considerable time across several companies. So
that’s to be expected. It's fair to say that SailPoint is considered by
many in the industry as the thought leader on identity governance and
administration. We now work with some of the largest and most trusted
brand names in the world, helping them provide the right IAM
infrastructure. So I think we’re getting it right.
As
SailPoint has strategically moved into the IDaaS space, we’ve brought
with us a level of trust, a breadth of experience, and a depth of IAM
knowledge that shows itself in how we use and apply these tenets of
identity in the products and the solutions that we put together for our
customers.
Gardner: Now, we talked about the
importance of being legacy-sensitive, focusing on what the enterprise is
and has been and not just what it might be, but I'd like to think a
little bit about the future-proofing aspects of what we have been
discussing.
Things are still changing and, as we
said, there are new generations of mobile devices, more biometrics
perhaps doing away with passwords and identifying ourselves through the
device that then needs to filter back throughout the entire lifecycle of
IAM implications and end points.
So when you do this
well, if you follow the five tenets, if you think about them and employ
the right infrastructure to support governance in IAM for both the old
and the new, how does that set you up to take advantage of some of the
newer things? Maybe it’s big data, maybe it’s hybrid cloud, or maybe
it's agile business.
It seems to me that there's a virtuous adoption
benefit that when you do IAM well.
Changes in technologies
Rolls:
As you've highlighted, there are lots of new technologies out there
that are effecting change in corporate infrastructure. In itself, that
change isn’t new. I came into IT with the advent of distributed systems.
We were going to replace every
mainframe. Mainframes were supposed to be dead, and it's kind of interesting that they're still here.
So
infrastructure change is most definitely accelerating, and the options
available for the average IT business these days -- cloud, SaaS and
on-prem -- are all blending together. That said, when you look below the
applications, and look at the identity infrastructure, many things
remain the same. Consider a SaaS app like Salesforce.com. Yes, it’s a
100 percent SaaS cloud application, but it still has an account for
every user.
I can provide you with SSO to your account
using SAML, but your account still has fine-grained entitlements that
need to be provisioned and governed. That hasn’t changed. All of the new
generation of cloud and SaaS applications require IAM. Identity is at
the center of the application and it has to be managed. If you adopt a
mature and holistic approach to that management you are in good stead.
If you're not on board, you'd better get on board, because the challenges for identity are certainly not going away.
Another great example are the
mobile device management (MDM)
platforms out there -- a new piece of management infrastructure that
has come about to manage mobile endpoints. The MDM platforms themselves
have identity control interfaces. Its our job in IAM to connect with
these platforms and provide control over what’s happening to identity on
the endpoint device, too.
Our job in identity is to
manage identity lifecycles where ever they sit in the infrastructure. If
you're not on board, you'd better get on board, because the challenges
for identity are certainly not going away.
Interestingly,
I'm sometimes challenged when I make a statement like that. I’ll often
get the reply that "with SAML single sign-on, the the passwords go away
so the account management problem goes away, right?” The answer is that
no, they don’t. They're still accounts in the application
infrastructure. So good best practice identity and access management
will remain key as we keep moving forward.
Gardner:
And of course as you pointed out earlier, we can expect the scale of
what's going to be involved here to only get much greater.
Rolls: Yes, 100 percent.
Scale is key to architectural thinking when you build a solution today,
and we're really only just starting to touch where scale is going to go.
It’s very important to us at SailPoint, when we build
our solutions, that the product we deliver understands the scale of
business today and the scale that is to come. That affects how we design
and integrate the solutions, it affects how they are configured and how
they are deployed. It’s imperative to think scale -- that’s certainly
something we do.
Gardner: Very good. I'm afraid
we will have to leave it there. You've been listening to a sponsored
BriefingsDirect podcast discussion on new best practices for managing
the rapidly changing needs around identity and access management.
We’ve
seen how greater complexity is the chief detriment to secured,
governed, and responsive ID management. We've also seen how the
tried-and-true principles of ID are still there and need to be
maintained, even as we face greater scale and greater complexity across
more devices, tiers, and across the extended enterprise landscape.
So
I want to thank our guest,
Darran Rolls, Chief
Technology Officer at SailPoint Technologies in Austin, Texas. Thank
you so much, Darran.
Rolls: Thank you, Dana, good speaking to you.
Gardner: This is Dana Gardner, Principal Analyst at Interarbor
Solutions. Thanks also to our audience for joining, and don’t forget to
come back to the next BriefingsDirect IT discussion.
Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: SailPoint Technologies.
Transcript
of a BriefingsDirect podcast on the basic tenets of identity and access
management in a rapidly changing and growing IT world. Copyright
Interarbor Solutions, LLC, 2005-2014. All rights reserved.
You may also be interested in: