Events , Governance & Risk Management , Identity Governance & Administration

Robust Identity Protection Isn't Just for Employees Anymore

SailPoint's Mark McClain on Why Having Guardrails for Non-Employee Access Is Tough
Mark McClain, founder and CEO, SailPoint

Organizations must extend identity protection beyond employees to safeguard contractors, supply chain partners, software bots and intelligent devices, said SailPoint founder and CEO Mark McClain.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

Businesses struggle to keep up with what applications or data non-employee or non-human identities need access to as roles within the organization change and projects begin and end, McClain said. He anticipates ChatGPT will increase the number of successful compromises of non-human identities since it will make it easier for adversaries to quickly try different types of attacks without tying up resources (see: Mark McClain on What Thoma Bravo's Buy Means for SailPoint).

"The life cycle of how long that non-employee is relevant to the business is much more difficult to manage because it's not in one of the systems," McClain said. "They don’t live in Workday. They're out there somewhere else, and that somewhere else is often a spreadsheet."

In this video interview with Information Security Media Group at RSA Conference 2023, McClain also discusses:

  • How the SecZetta purchase has allowed SailPoint to protect non-employees;
  • How getting taken private by Thoma Bravo has enabled tuck-in acquisitions;
  • Why multi-tenant SaaS is more scalable and sustainable than single-tenant SaaS.

McClain directs the overall vision and strategy of SailPoint. He has almost 35 years of experience in technology, with more than 20 years as a founder and leader of innovative identity management companies. He also co-founded Waveset Technologies and has diverse experience in international sales and marketing.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.