Access Management , Application Security , Artificial Intelligence & Machine Learning

How 'Zero Trust' Better Secures Applications and Access

Organizations Must 'Assume Compromise,' Says SailPoint's Darran Rolls
How 'Zero Trust' Better Secures Applications and Access
Darran Rolls, CTO of SailPoint

Organizations are accepting that the network perimeter no longer serves as the "ultimate defense" and thus adapting zero-trust principles, including least privilege, based on the understanding that they may already have been compromised, says Darran Rolls of SailPoint.

"What we are basically doing is retreating back to the control point around the application," Rolls says. "Application security and application access is the business of identity management and identity governance."

Understanding who has access to resources, if that access is appropriate, as well as how that access is being used remains key for maintaining a viable zero-trust model, he says. Done incorrectly, this could have usability and flexibility repercussions. But Rolls says it's possible and of course desirable to design ways to safely and automatically provision access to new resources.

In this interview (see audio link below photo), Rolls discusses:

  • How identity plays a critical role in securing applications;
  • Why the concept of least privilege is so essential;
  • Balancing usability with a zero-trust approach to application access.

Rolls is CTO of SailPoint. He previously was the founder and CTO of Cloud 10, a Texas-based security and identity management consulting firm. Before that, he worked in the office of the CTO of Sun Microsystems.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.