SailPoint tackling unstructured data vulnerabilities for Australian organisations

With their identity management ducks somewhat aligned, SailPoint president Kevin Cunningham has said organisations in Australia are now turning to his firm to tackle the threats targeting unstructured data.

In Sydney meeting with local customers, the identity governance firm co-founder told ZDNet that as one obstacle is contained, another emerges, and many organisations -- especially those the size of Australia's financial institutions -- have found themselves with an unstructured data problem.

"These are documents and files that sit around everywhere, and the challenge with them is nobody knows where they are or what they contain, nor who has access to them," Cunningham explained.

"We actually have been investing for years in a data governance solution that actually can go out and answer those questions. A number of conversations I've been involved in over the last week here are with customers that have had identity programs for a number of years now, and they are now saying, 'This is next frontier for us', and it fits in with their identity solution."

Cunningham said he has yet to hear a CISO say that they do not have an unstructured data problem.

"What we're seeing here in Australia is we're just getting to the cusp of people getting the fundamentals in terms of identity management in place, and now they're looking to tackle their unstructured data problem," he explained.

In many organisations, especially large financial institutions, Cunningham said that it is not uncommon to find hundreds of different applications sitting on multiple layers, with varying levels of protection.

"A lot of our customers are still using mainframe back-end systems to host their applications -- the death of the mainframe has been predicted for decades, but it's not going anywhere for our customers," he said.

"The same customers are also adopting SaaS applications, so there are these layers of technologies all with credentials that need to be managed."

Austin, Texas-based Cunningham has been visiting Australia frequently for the past nine years and said the reception he received at the start from financial institutions was not too positive, with many telling him they didn't need to worry about the solution SailPoint was pushing.

"Every single one of those banks now use our software because what they've figured out over the last nine years is that this not about regulatory requirements; this is about true security, reduction of risk," he said.

Although banks and financial institutions -- including all of Australia's big four banks -- represent a third of SailPoint's overall business, Cunningham said it is an issue that every vertical faces. While in Australia, the co-founder is also speaking with the Australian government in Canberra.

With the perimeter of an enterprise somewhat dissipated by the concept of bring your own device and software-as-as-service (SaaS) applications, Cunningham said the need for identity security is as important as ever, as the only thing linking a staff member on their smartphone to the organisation is their identity.

"Over the last 18 to 24 months, people are now understanding how important this is as part of a cybersecurity strategy," he said.

SailPoint was founded as a result of a split-off of the team behind the "Gen1" provisioning solution, Waveset Technologies. Waveset was sold to Sun Technologies in 2004 for $136 million, which was itself sold to Oracle for $5.6 billion in 2009.

At the same time Waveset was acquired by Sun, Cunningham explained that Oracle, IBM, and RSA Security each bought their own similar companies. However, after his 18-month tenure at Sun, he found that nothing had changed from a vendor perspective, and products had not been advanced since they were acquired by the big guys.

"What had moved on, however, was the recognition that to manage it you had to get people participating outside the process," he said, adding that SailPoint was founded to fill a need in the industry that the other provisioning solutions did not meet.

"We've been fighting against the big guys ever since we started the company," he explained.

"Having been at a couple of those big companies, I know how hard it is to innovate and keep up with market demands."

At the end of the day, Cunningham said security is a man vs man challenge, and believes vendors have to be nimble when it comes to bringing new solutions to market.

"Those big guys do a lot of different stuff, and identity may or may not be strategic for them at any one given time, but we're myopically focused on this," he said. "We would say we out-innovate the big guys, and if we can't out-innovate them, we shouldn't be in business."