As readers of this blog well know, selling IAM solutions internally is not always a slam-dunk, and with six-plus figure price tags, these sales take time to win both upper management and then users in the trenches. Part of the trick is being able to sell up and down concurrently, by crafting your message carefully for the appropriate audiences. I spoke to several end user customers and potential customers of SailPoint identity products at the Navigate 13 conference about their tactics and techniques and wanted to share some of what they have learned. The people I spoke to would prefer me not to reveal their identities, ironically.
SailPoint is doing something right: look who is using their software. They are installed in the world’s largest bank, the world’s largest insurance company, the world’s largest packaged goods company, the world’s largest oil company, and the world’s largest food services company. Do you detect a trend here?
I spoke to several banking customers who are using SailPoint to connect hundreds, if not thousands, of their internal apps and make sure they are in compliance with various financial regulations. One bank operates in more than 30 different markets, and as you can imagine, has a regulatory and compliance footprint that is crushing – not to mention costly. They set about to change the culture of identity management by getting buy-in with their board of directors. “We needed a board mandate if we were going to regain control. Given the increases in cybercrime and targeted attacks, we had to do a better job,” said one conference attendee. “We had to demonstrate to our auditors that we have effective controls and governance, particularly for our higher-risk apps.”
One mechanism that the identity team used was relatively simple: they created a dashboard with different views for different audiences. The chief risk officers got one view, divisional people have another one. “All of the data comes straight out of IdentityIQ, and we cut and dice it to make it easier to understand for our executives.”
But as they were selling their board, they also had to straighten out their app portfolio too. So they also created another dashboard for the app owners “so we could give them an understanding of how we are managing privileged IDs for example.” This working both ends of the spectrum was key towards the bank getting their identity act together.
Some of their human resources-related apps were quite frankly a mess. “We have so many legacy apps and it is a real challenge. Some of our regional units have standalone systems that are not well maintained. It was a real shock.” But as they spent time in the trenches clearing up these problem apps and standardizing on their data models, they found the tide was turning. “Now the business units are coming to us to get their apps running on top of IdentityIQ.” This seems to be common. As another banking customer told me, “Since we installed SailPoint, we don’t have to ferret the apps out, now the stakeholders come to us because they see the value of having them integrated into SailPoint.”
Cleaning up an HR database was a starting point for another SailPoint customer that I spoke to. One customer had a separate database for contractors and full-time employees with different schemas, with a couple of flat files for other personnel data mixed in for good measure. That was the beginning of integrating more than 100 different apps and more than 4,500 employees into SailPoint’s IdentityIQ.
So keep track of both the boardroom and the people running the business-level apps concurrently, and make sure that you can get everyone’s requirements satisfied when you are selling IAM.