SailPoint Technologies Holdings,
Inc. announced its intent to acquire ERP Maestro, a SaaS
governance, risk and compliance (GRC) solution. With ERP Maestro, SailPoint
will unite identity security with ERP Maestro's Separation-of-Duty (SoD)
controls monitoring for an organization's most critical applications, like SAP.
This will provide the integrated approach for effective identity security
controls and SoD oversight now required to spot and stop risks posed by
potential insider SoD conflicts before they become a crisis of fraud or breach
of sensitive data.
"With
today's threat landscape, organizations are challenged with ensuring proper
governance and compliance over their most sensitive systems and data. It is
important to ensure that these systems are only accessed by the right people,
at the right time. People who need access to critical applications and systems
to keep the business running are especially at risk as they hold the keys to
sensitive data," said Grady Summers, SailPoint's EVP of Products. "For example,
in the case of a critical application like ERP, providing the right access-while
ensuring access privileges also don't conflict-is paramount to reducing access
risk brought on by overlapping access privileges to these systems."
Until
now, companies have typically managed SoD monitoring in a silo, rather than
taking a tightly-integrated approach to ensure no conflict of access or
over-permissioned access was occurring. The ERP Maestro platform provides both
a granular view of access risk and potential SoD conflicts, plus a
comprehensive view of the overall risks by usage and risk-levels, thereby
improving compliance and reducing the burden of financial audits while
enforcing tighter security measures. With ERP Maestro's capabilities,
SailPoint's Identity Platform will soon provide the unified view and real-time,
actionable, and business-focused intelligence that organizations need to
analyze logical access to critical business systems and then to identify
potential areas of SoD conflict before access is ever granted. This pairing
will also provide organizations with a compliant, automated process to grant
temporary elevated access to users without adding unnecessary risk.
"ERP
Maestro's flexible and extensible approach allows for agile, automated and
robust monitoring of an organizations' most complex business critical systems.
Extending identity security to include rich SoD controls monitoring will give
SailPoint customers the chance to operate on a least privilege basis, providing
only the necessary, appropriate system access and shutting down potential areas
of SoD violations," said Summers. "This is the next generation of identity
security that today's business needs to get the full picture of access across
the workforce for all data and systems, with tightly integrated governance and
compliance for business-critical systems."