How long does a typical migration from on-premises IdentityIQ to Identity Security Cloud take?

The Encova Insurance migration was completed in approximately 8.5 months total, with the core application migration phase taking just 45-55 days. Using Atlas platform tools and a structured migration framework, Optiv achieved an estimated 35-45% reduction in timeline compared to traditional migration approaches. The actual duration depends on factors like data quality, role complexity, and stakeholder alignment.

What are the key benefits of migrating to SailPoint's Identity Security Cloud versus staying on-premises?

Identity Security Cloud provides immediate access to advanced AI and ML capabilities for role modeling and access insights, reduces total cost of ownership through SaaS delivery, eliminates infrastructure maintenance overhead, and accelerates deployment of new features. Organizations also gain access to the Atlas platform's extensibility tools and can leverage automated capabilities that replace manual, spreadsheet-based processes that previously required extensive consulting engagements.

How does Optiv's migration framework address data quality and role proliferation challenges?

Optiv's three-dimensional framework treats migration as an opportunity to refine and streamline, not just lift-and-shift. The data and process dimension focuses on cleaning data hygiene and consolidating roles before migration. In Encova's case, this resulted in reducing hundreds of roles to approximately 20, addressing proliferation while improving maintainability. The framework emphasizes that migration success depends on re-evaluating current state and optimizing before moving to the new platform.

Migrating to SailPoint Identity Security Cloud with Optiv

Name: Migrating to SailPoint Identity Security Cloud with Optiv
Uploaded: 2026-04-21T06:37:43-04:00
Duration: 27 min 2 s
Description: TL;DR Optiv successfully migrated Encova Insurance from on-premises IdentityIQ to SailPoint Identity Security Cloud in 8.5 months, with core application migration completed in 45-55 days using Atlas platform tools The migration reduced hundreds of role...

Sailpoint

04/21/2026

0 (0%)

Report Like Favorite

TL;DR

Optiv successfully migrated Encova Insurance from on-premises IdentityIQ to SailPoint Identity Security Cloud in 8.5 months, with core application migration completed in 45-55 days using Atlas platform tools
The migration reduced hundreds of roles to approximately 20 streamlined roles, cutting maintenance overhead while positioning the organization to leverage AI-driven access insights and role modeling capabilities
Optiv developed a three-dimensional migration framework encompassing technology, data/process refinement, and operating model alignment, achieving an estimated 35-45% reduction in migration timeline
Post-migration, Encova gained immediate access to advanced SaaS capabilities including AI/ML-powered role modeling, replacing traditional multi-year RBAC consulting approaches with automated validation and optimization
The migration aligns with Encova's cloud-first strategy and demonstrates how modern identity platforms accelerate time-to-value while reducing customization and infrastructure management overhead

Migration Framework and Approach

Optiv developed a comprehensive three-dimensional framework for migrating clients from on-premises identity governance solutions to SailPoint's Identity Security Cloud (ISC). The framework encompasses technology implementation using Atlas platform tools, data and process refinement to ensure clean migration, and an operating model that clearly defines roles and responsibilities across SailPoint professional services, Optiv, and client stakeholders. This structured approach emerged from lessons learned during the Encova Insurance migration, where early alignment on the operating model proved critical to streamlining the entire effort. The framework emphasizes that migration is not simply a lift-and-shift exercise, but an opportunity to re-evaluate and optimize existing identity governance capabilities before moving to the new platform.

Encova Insurance Migration Results

The migration of Encova Insurance from SailPoint's legacy on-premises IdentityIQ platform to Identity Security Cloud was completed in approximately eight and a half months, with the core application migration phase taking just 45-55 days. Leveraging Atlas platform extensibility tools, particularly the sp-config migration toolkit, the teams achieved an estimated 35-45% reduction in overall migration timeline compared to traditional approaches. A significant outcome was the consolidation of hundreds of roles down to approximately 20 streamlined roles, addressing the common challenge of role proliferation. This dramatic simplification not only reduced ongoing maintenance overhead but also positioned the organization to leverage advanced capabilities like AI-driven role modeling and access insights immediately post-migration.

Post-Migration Capabilities and Next Steps

Following successful migration to Identity Security Cloud, Encova Insurance gained immediate access to advanced platform capabilities that were unavailable in the legacy on-premises environment. The organization is now implementing AI and machine learning features for role-based access control (RBAC) refinement, using access insights and role modeling tools to validate and optimize their access governance model. These capabilities represent a fundamental shift from traditional spreadsheet-based role modeling approaches that historically required multi-year, multi-million dollar consulting engagements. The SaaS platform also reduces customization requirements and maintenance overhead, allowing the identity team to focus on strategic initiatives rather than infrastructure management. The migration aligns with Encova's broader cloud-first strategy and demonstrates how modern identity security platforms can accelerate time-to-value for advanced governance capabilities.

Strategic Lessons and Future Pipeline

Key learnings from the migration emphasize the importance of stakeholder alignment across organizational levels, from CISOs viewing SaaS migration as cloud-first strategy execution to tactical teams recognizing improved tooling and capabilities. Early engagement of all stakeholders—partner, vendor, and client teams—proved essential for smooth execution. Optiv is applying these lessons to a growing pipeline of migration opportunities, developing proprietary tooling and refined methodologies to complement SailPoint's Atlas migration hub. The firm is taking a structured approach to client qualification, identifying organizations where SaaS migration delivers clear value while recognizing that highly complex environments may require additional preparation. This measured approach reflects the maturation of both the migration practice and the broader market shift toward cloud-based identity governance.

Chapters

0:00 - Introduction to Built on SailPoint Series
0:55 - Encova Insurance Migration Overview
2:44 - Migration Approach and Framework
5:59 - Atlas Platform Tools and BVA
8:11 - Role Consolidation Results
9:27 - Integration Challenges and Solutions
12:29 - Success Factors and Outcomes
15:39 - Key Learnings from Migration
18:49 - Next Steps: AI-Powered Role Modeling
23:40 - Future Migration Pipeline and Optiv Strategy

Key Quotes

1:38 "This particular client we are going to discuss a little bit about is Encova Insurance. It's an existing legacy client for us, which was or at some point was on IAQ, the on-prem product. We helped them move from the on-prem product to ISA or Identity Security Cloud, the SaaS product."
3:08 "We refined our approach. In fact, we came up with our own framework around migration when we are helping clients migrate from these on-prem to ISC as a product. We are looking at migration through three dimensions, if you will."
8:26 "We went from hundreds of rules down to 20 when you completed the full migration."
11:55 "We were able, between our two teams, to get all of the applications moved over in about 45 to 55 days, somewhere in there."
15:09 "The entire migration took only or took less than about nine months, somewhere in the eight and a half range, which is pretty amazing. If you look at the tooling that you guys built, we built, looks like we were able to cut down the overall timing, probably around 35% to 45%."
20:56 "If you go back 10 years ago, that was a $5, $10 million project. You were there for years and it was one department, one person at a time sitting down, building out role models and spreadsheets."

Categories:

» Cybersecurity » Cloud Security
» Data Protection

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

04/21/2026

02:00 PM

04/21/2026

How Purpose Brands scales IT with Zendesk ITAM

https://www.truthinit.com/index.php/channel/1881/how-purpose-brands-scales-it-with-zendesk-itam/
04/22/2026

01:00 PM

04/22/2026

Evolving Service Account Security: Transitioning from Legacy to Agentic Identities in AI

https://www.truthinit.com/index.php/channel/1885/evolving-service-account-security-transitioning-from-legacy-to-agentic-identities-in-ai/
04/22/2026

01:00 PM

04/22/2026

Harnessing the Power of AI for Rapid Advancements

https://www.truthinit.com/index.php/channel/1892/harnessing-the-power-of-ai-for-rapid-advancements/
04/23/2026

01:00 PM

04/23/2026

Cultivating Trust as a Foundation for the Agentic Consumer in 2026

https://www.truthinit.com/index.php/channel/1883/cultivating-trust-as-a-foundation-for-the-agentic-consumer-in-2026/
04/29/2026

12:00 PM

04/29/2026

Strategies for Safeguarding AI in Applications, Agents, and APIs

https://www.truthinit.com/index.php/channel/1893/strategies-for-safeguarding-ai-in-applications-agents-and-apis/
04/30/2026

10:00 AM

04/30/2026

Insights from the 2026 Keepit Annual Data Report on SaaS Data Protection

https://www.truthinit.com/index.php/channel/1868/insights-from-the-2026-keepit-annual-data-report-on-saas-data-protection/
04/30/2026

01:00 PM

04/30/2026

The New Economics of a VMware Exit

https://www.truthinit.com/index.php/channel/1880/the-new-economics-of-vmware-exit/
05/06/2026

02:00 AM

05/06/2026

Transforming AI's Potential: Proactively Identifying Attacks Before Breaches Occur

https://www.truthinit.com/index.php/channel/1886/transforming-ais-potential-proactively-identifying-attacks-before-breaches-occur/
05/06/2026

10:00 PM

05/06/2026

World Password Day: Strategies for Managing Your Passwords Effectively

https://www.truthinit.com/index.php/channel/1913/world-password-day-strategies-for-managing-your-passwords-effectively/
05/07/2026

05:00 AM

05/07/2026

World Password Day: Strategies for Managing Your Passwords Effectively

https://www.truthinit.com/index.php/channel/1914/world-password-day-strategies-for-managing-your-passwords-effectively/
05/07/2026

01:00 PM

05/07/2026

World Password Day: Strategies for Managing Your Passwords Effectively

https://www.truthinit.com/index.php/channel/1915/world-password-day-strategies-for-managing-your-passwords-effectively/
05/12/2026

01:00 PM

05/12/2026

Transforming Black Box Mysteries into Transparent Insight: Addressing AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1895/transforming-black-box-mysteries-into-transparent-insight-addressing-ai-risks-through-data-lineage/
05/12/2026

11:30 PM

05/12/2026

Effective Strategies for Safeguarding Active Directory and Minimizing Data Exposure

https://www.truthinit.com/index.php/channel/1888/effective-strategies-for-safeguarding-active-directory-and-minimizing-data-exposure/
05/13/2026

01:00 AM

05/13/2026

Transforming the Unknown: Revealing AI Risks and Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-unknown-revealing-ai-risks-and-threats-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Revealing Hidden Threats and AI Risks Through Data Lineage Insights

https://www.truthinit.com/index.php/channel/1894/revealing-hidden-threats-and-ai-risks-through-data-lineage-insights/