Exclusive: SailPoint's Chris Gossett discusses keeping identity security at the forefront

Identity security is increasingly critical for enterprises managing complex digital environments. Chris Gossett, Senior Vice President of Technology Services at SailPoint, shared his insights during an exclusive interview at the company's Navigate event in Sydney recently. With over 14 years at SailPoint, Gossett has witnessed the evolution of the company, as it has grown from a team of 65 employees to a global team of 3,000 - and the identity security landscape.

"When I started, we were solving compliance and basic provisioning problems. Today, we're addressing advanced identity security use cases," he said.

Gossett's team focuses on assisting enterprises in managing and controlling user access across diverse applications, data sets and identities - both human in the form of employees, contractors, as well as machine identities, bots and service accounts. 

"Think of an enterprise like a room filled with thousands of Lego pieces, scattered everywhere, with no sort of order. That's the overwhelming challenge enterprises face with managing access," he explained.

Just as organizing Lego pieces into manageable groups makes finding a specific piece easier, SailPoint helps companies discover, control and right-size access, ensuring both human and machine identities have appropriate permissions to perform their tasks.

At the heart of SailPoint's mission is addressing modern identity security challenges.

The company's approach aligns with the concept that "identity is the new firewall." Gossett elaborated, "In the past, enterprises relied on firewalls to keep threats out, but that left internal systems vulnerable. Now, it's about discovering and controlling access to mitigate risks effectively."

Challenges of Identity Security
Identity security is a complex task, often underestimated by enterprises.

Gossett explained how reliance on outdated tools has compounded these challenges. "Many organisations still rely on older systems like Single Sign-On (SSO) and Multi-Factor Authentication (MFA). These focus on perimeter security and keeping the bad actors out but do little to control access internally," he said.

What's needed, he shared, involves going beyond protecting perimeters to managing access internally at a granular level within organisations. "It's about minimising standing privileges and controlling the blast radii when breaches occur," he added.

Navigating Innovation in Identity Security
At Navigate Sydney, SailPoint focused on its recent groundbreaking advancements, including machine identity security and privileged task automation. Both solutions aim to streamline identity management while reducing risks.

Gossett described the event as a success, noting an attendance of 600 participants. "The turnout has been fantastic, with customers and partners eager to engage with our latest solutions," he said.

One notable development is the integration of machine identity management into SailPoint's platform.

"Machine identities are growing rapidly, often outnumbering human identities in enterprises.
They're also highly privileged, making them an attractive target," Gossett explained. SailPoint's new tool helps organisations discover and manage these accounts, ensuring credentials are rotated, permissions are right-sized, and the lifecycle of machine identities is controlled.

Another innovation is privileged task automation, which replaces risky manual access to sensitive systems with automated workflows. Gossett highlighted its benefits, saying, "This reduces the exposure of highly privileged accounts, enabling organisations to perform tasks without giving out root access or domain admin rights."

These solutions exemplify SailPoint's forward-thinking approach. "We're not just responding to today's challenges but building capabilities for the future," Gossett said.

Key Findings from New Horizons Research
SailPoint's recently released New Horizons of Identity Security research underscores the untapped potential of identity security. Gossett noted that while some companies are advancing rapidly, many are still at the early stages.

"It's clear that enterprises prioritising identity security see outsized returns. They reduce risks while improving productivity," he said.

A significant barrier, however, is the technical debt created by older, heavily customised systems. SailPoint's prescriptive, AI-powered solutions aim to bridge this gap, offering scalability and efficiency.

Identity Security in APAC
The Asia-Pacific region, particularly Australia and New Zealand, shows varied levels of maturity in identity security, according to Gossett.

"ANZ leads the region, but there's still much progress to be made," he said. He urged enterprises to take the first step toward adopting identity security programs, noting that the journey often yields quick benefits.

"It's about getting started. The sooner you begin organising, the faster you see results," he added. "If we think back to our Lego analogy, cleaning up a room filled with Lego is a daunting task of. It's about starting small, organising bit by bit, and gradually creating a functional system."

A Vision for the Future
During the event, Gossett also discussed SailPoint's Atlas platform and its potential to revolutionise identity security. "Atlas breaks down silos, providing a unified view of access across an organisation.

It's a game-changer for managing identities at scale," he said.

The integration of AI and machine learning further enhances the platform's capabilities, automating processes and uncovering risky access combinations.

Gossett noted, "AI allows us to find the needles in the haystack. It's the only way to manage data at this scale effectively."

As SailPoint continues to innovate, Gossett remains optimistic about the company's role in shaping the identity security landscape.

Reflecting on his journey and the company's mission, he concluded, "Good things happen when enterprises take that first step towards robust identity security."