Written Interview with Malaysian Business
Attributed to Eric Kong, Managing Director, ASEAN, SailPoint
- What are some security issues and cyber risks faced by organisations that do not have proper identity security measures in place?
Organisations without proper identity security measures face several vulnerabilities, which could lead to identity-related breaches. According to a report by Identity Defined Security Alliance, 9 in 10 businesses have suffered an identity-related breach, yet 45% of APAC organisations are still at the early stages of their identity security journeys.
One critical part of identity security is to prevent over provisioning, where users are granted inappropriate access beyond what is necessary for their roles. This exposes organisations to a range of risks, including non-compliance with regulations and granting unauthorised access to sensitive data. In fact, 77% of financial institutions recognise that overprovisioning creates cyberattack vulnerabilities.
Also, one of the most overlooked threats comes from within, known as insider threats. A notable example occurred in Malaysia last year, where international scammers used major banks to defraud victims, facilitated by auditors and frontline officers who improperly opened accounts. This incident could have been avoided with a modern identity security program in place, providing central visibility and orchestration over employee access rights, roles, and entitlements across critical banking systems like loan servicing, wire transfers, and core banking platforms.
As an example; for the typical large, complex enterprise: If an enterprise has 100k identities under management, 200 applications being used across the business, and 100 entitlements on average per application, and you add another 100k data entitlements, you get 20 billion possible risky combinations that must be managed at all times, at speed and at scale. Managing such an immense amount of data is well beyond human capacity, which is why leveraging intelligent automation and identity security tools is essential to mitigate potential risks. Without these, organisations open themselves up to severe vulnerabilities.
- What are some concerns/requirements you have heard from fintech and digital players, and how are you addressing it?
In discussions with fintech and digital players, we hear three key challenges: governing the growth of identities, meeting stringent security and compliance requirements, and managing third-party risks. These challenges are amplified by rapid digitalization, cloud migration, and the complexities introduced by mergers and acquisitions.
As financial institutions scale, the number of identities—both human and non-human—that they need to manage grows exponentially. Many are still using manual processes to provision access, which increases the risk of over provisioned or orphaned accounts. SailPoint addresses this by automating identity lifecycle management through AI-driven solutions, ensuring least privilege access and preventing unnecessary access delays. This helps financial institutions maintain control over user access while reducing the risk of insider threats and unauthorised access to sensitive data.
Maintaining compliance with regulations like SOX, PCI DSS, and GDPR is a significant concern, especially given the complexity of managing multiple systems across various departments. SailPoint simplifies this through automated enforcement of Separation of Duties (SoD) policies. SoD policies are crucial in preventing fraud and unauthorised access by ensuring no single individual has control over more than one part of a critical transaction. SailPoint’s platform automates access reviews, monitors user activities, and detects conflicts of interest, ensuring compliance gaps are closed while reducing the threat of fraud.
Additionally, as more financial institutions rely on vendors and contractors, third-party risk management is crucial. With more individuals requiring access to an organisation's resources, the possibility of weak or compromised access credentials increases. According to our report, 95% of FSIs face governance challenges, with 47% identifying third-party identities as the most difficult to manage. Hence, SailPoint’s Non-Employee Risk Management solution extends the same rigorous governance to third parties, ensuring they only have access to what is necessary, for as long as necessary. This reduces third-party risks associated with unauthorised access and helps financial institutions increase operational efficiency while easily managing the complex relationships with non-employees.
Through the power of AI and machine learning, SailPoint helps financial institutions modernise their identity security programs by cutting costs, reducing risks and maintaining compliance. Our solutions ensure organisations can seamlessly scale and strengthen security as they navigate their digital transformation journey.
- How does SailPoint support financial institutions in terms of compliance and fraud prevention?
SailPoint supports financial institutions by offering a unified identity security platform that addresses both compliance and fraud prevention. Our report shows that 93% of financial institutions feel that meeting compliance is challenging, with three of the top four compliance issues centered around lack of resources, manual processes, and large time commitments. This led to 64% revealing they had an audit finding over the last two years.
SailPoint’s unified identity security platform is centered on efficiency and risk mitigation for compliance and security. Known as Atlas, our true cloud native, multi-tenant SaaS-architected platform strengthens access controls, policies, and processes with unique insights and governance simplification, while driving efficiencies and lower costs. With a comprehensive view of all identities across the organisation, including employees and third-party vendors, FSIs have full visibility to ensure only the right individuals have access to sensitive financial data at the right time. Also, with real-time monitoring available, FSIs can provide immediate response to any abnormal activity, significantly reducing fraud risk.
Additionally, SailPoint’s automated identity security capabilities streamline the compliance process by enabling FSIs to enforce policies, conduct audits, and generate reports quickly and efficiently. This not only simplifies compliance with regulations and regional banking standards, but it also reduces the manual burden on compliance teams.
By leveraging AI and machine learning technologies, SailPoint continuously assesses and adapts to emerging risks, ensuring FSIs stay ahead of potential threats. This dynamic approach not only keeps FSIs compliant but also helps prevent fraud by detecting and mitigating identity-related risks early.
- How does SailPoint leverage AI for identity security?
SailPoint’s AI-driven identity security offering enables businesses to automate the discovery, management, and control of all user access including employees, non-employees, and non-human identities across all environments and provide users with the right access to the right resources at the right time. Therefore, enterprises can automatically modify or terminate access based on changes to a user’s attributes or location, and automatically perform remediation actions when risky activity is detected.
Based on our report, 74% of respondents reported experiencing delays during staff onboarding, role change or access removal due to manual processes. These delays introduce unnecessary risks and inefficiencies. With an autonomous identity solution, organisations can get deep visibility with a critical, singular view into all identities and their access rights including trends, roles, outliers, and relationships, and easily and securely remove or reinstate access when an employee joins, changes roles or leaves the company, all without any human interaction. This simplifies and accelerates processes for joiners, movers, and leavers, eliminating the delays and errors associated with manual workflows.
As an example, The SailPoint Identity Security Cloud allow for seamless integration of a company’s entire digital ecosystem to centrally control access to all data, applications, systems, and cloud infrastructure – no matter how complex the business environment or where it operates. Therefore, enterprises can quickly adapt to changing environments, boost worker and IT productivity, and stay ahead of security and compliance issues.
AI-driven identity security can accelerate organisational change by as much as 30% through quicker integration of identities, applications, data and infrastructure; and companies leveraging SaaS, AI and automation scale a notable 10 – 30% faster and get more value for their security investment through increased capability utilization.
- Can you share success stories of users who have benefited from your services?
Globe Telecom, a major provider of telecommunications services in the Philippines, were looking to implement a robust identity program to support its digital transformation. The focus was to decrease onboarding time and manual approval processes while better mitigating security risks and improving overall employee experience.
Through their partnership with SailPoint, the company managed to enhance the efficiency of its onboarding procedures, manage passwords and identities more securely, and integrate identity seamlessly into their IT processes to improve the overall employee experience. This collaboration significantly reduced the onboarding time for new hires from 19 days to their start date at the company.
Another example, Aboitiz, one of the Philippines’ largest business groups, with investments in power, banking and financial services, food, infrastructure, land, data science and artificial intelligence as well as construction and shipbuilding, needed coherent identity and access management policies and automated provisioning/deprovisioning processes.
Leveraging SailPoint, Aboitiz replaced ad hoc manual systems with an automated identity security platform to allow it to efficiently monitor and manage more than 22,600 user accounts across 47 business units in the Philippines, ASEAN region, and China. Initial benefits include improved security in a Zero Trust framework, along with faster onboarding and timely account deactivation through automation. The new platform and dynamic approach to identity management further supports the Group as it continues to move to the cloud for improved innovation and collaboration.
#SailPointInterview #IdentityGovernance #AccessManagement #IAM #IdentityManagement #CyberSecurity #TechInterviews #SailPointSkills
