Today’s Q&A Wednesday is with Mark McClain, CEO & Founder of Sailpoint, a company that is gaining significant traction and market momentum in the IT security industry. The company was recently named one of "10 IT Security Companies to Watch" by Network World.

Give us a little bit of history of the company and how it got started.

Kevin Cunningham and I founded the company with Jackie Gilbert in 2005. We decided to give the startup gig another go after successfully launching Waveset which we sold to Sun in 2003 for $150M .

We formed the company at a time when new legislative and industry mandates like SOX, PCI and HIPAA presented the identity management market – tools and technologies for connecting users with corporate IT systems – with new and complex business challenges. While Waveset had focused on the operational efficiencies made possible by automating redundant internal process (setting up new accounts, re-setting passwords, etc.), companies in the past few years were spending a great deal of time and money to certify, verify and monitor user access. Pressure from external auditors and regulators, as well as internal directives to improve “governance”, have driven most large companies to achieve and demonstrate strong and consistent control over user access to critical systems and data. Traditional solutions designed to automate and speed the initiation and termination of user access weren’t suited for the task.

We chose the name SailPoint based on the origins of the word “governance,” from the Greek word for "to steer" or "pilot a ship.”  A “sailpoint” describes a sailboat’s course in relation to the wind, which, as we all know, is rarely steady and constantly changes in both strength and direction. To reach a destination requires continuous adjustment of sailpoints to harness the wind efficiently and maintain safe control of the boat. We believe the same is true of enterprise identity governance.

How has the company been funded so far?

The company has raised $14 million in funding. Investors include Austin
Ventures, Lightspeed Venture Partners, Origin Partners and Silverton
Partners.

What’s the elevator pitch for SailPoint and Compliance IQ?

Organizations today face the challenges of IT compliance and insider data breaches – and the associated risks of failed audits, brand damage, consumer fraud or IP theft – armed with little more than spreadsheets, or, worse, pencils and paper reports. They try to ‘boil the ocean’ because they can’t identity their riskiest users or data. SailPoint helps organizations gain control over user access to critical systems and data so they can streamline costly IT compliance processes and identify and reduce the risks of poor access control.

Our identity risk management software reduces the complexity, costs and risks associated with controlling and managing user access and identity information. Our flagship product Compliance IQ automates compliance processes associated with managing user access; offers sophisticated reporting and analytics for decision support; and helps business and IT work together to identify, prioritize and resolve serious risks to systems and data before they become critical vulnerabilities or expensive liabilities. By correlating what users do with what users are allowed to do, Compliance IQ creates a 360-degree view of users and computes user “risk scores” – a concept unique to SailPoint – that make it easy to focus and allocate controls and monitoring based on business risk.

You just got back from Gartner’s big annual conference for SailPoint’s market – what are some highlights from the show and major trends on the horizon for identity and access management?

Business units are taking on a greater role in security administration – they understand business risk and what controls are needed. This presents some interesting challenges for security vendors, who tend to build highly technical products that are difficult to use. The definition of security is expanding away from a “fortress” approach (where you lock down resources to prevent break-ins) toward a much broader concept of risk management. Risk management requires a disciplined approach to assess risk in the IT environment and develop strategies to manage risk with internal controls.

Give us a glimpse of the future. What can we expect to see from SailPoint in 2008?

We’re aggressively building a customer base and demonstrating rapid, quantifiable results for our customers. For example, companies have realized 50 percent time savings when using SailPoint to automate highly manual IT compliance processes. Expect to see formal announcements on that front. We’ll support our growth by continuing to strengthen our partnerships with the leaders in our space through the SailPoint Alliance Network and furthering our overseas expansion with the help of our international channel partners. Finally, we will continue to invest in next-generation technology to bring risk management into the mainstream as a core IT discipline.

Sphere: Related Content

Filed under: Q&A Wednesday