Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

SailPoint: Elevating Identity from Security Function to Business Priority

Sailpoint
07/09/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


with Blake, Micron, Susan from University of California, San Francisco, and Upen, my colleague at Deloitte. Thank you all for joining me. We're going to talk here about just how strategic identity has become to businesses. I'm sure you're kind of seeing that at your own organizations in your different roles. But we get perspectives here from the identity leaders and what they're doing and how they're elevating that conversation and helping business kind of see the value come through for identity as well. So thank you again and we'll get started. And I'll start with you, Blake. You and I have been chatting the last couple of days. We've talked about the unique profile that Micron has and how targeted you are. Talk about that and also then how you're leveraging identity and SailPoint specifically to kind of solve for the different challenges within the organization. Yeah, great questions. So speaking from the semiconductor aspect, Micron is, I would say, one of the most targeted companies in America at least. The high value assets, high risk. And so we're under constant pressure to remediate, remove, and understand the risk. So from the identity perspective, some of the challenges that are top of mind for me is kind of that hygiene aspect, identity hygiene. Just the basics and fundamentals of identity. The continuous validation of our identity and access controls. So just the fundamental of identity and access is one of our key priorities for me. The second is connection to the business, as you mentioned. So continually working with the business to understand the change where the semiconductor industry is constantly evolving and changing. So we need to prioritize our time with them to understand the risk from their perspective. What is the business evolving? I call it the speed of security, essentially. Security at the speed of business. And so that's something that my team has to gravitate towards all the time. We need to be in front of new technology development. We need to be in front of threats. And so that our controls and our identity capabilities need to be proactive in that sense. And I think the third is, you know, the biggest challenge right now is the scale of how identity influences our security program. At Micron, we've made identity the center of our control strategy. So if you have identity in the center, and how does identity tie to the entire ecosystem from network to systems to data to physical control? And so if we consider that scale, automation is super key for us. And there's a lot of dialogue in this whole session this week so far around automation. And so the team's ability to do the fundamentals, but then innovate in identity is super key. There's a lot of talk on AI or data science. I think that's the next part of the challenge that we need to overcome for scale, for completeness. And so top of mind for me on what I think. I think Susan probably has another perspective. Yeah, no, I'll ask you the same. Susan, you've got a unique organization. It's got academics on one side, and you've got healthcare. Pretty complex in themselves, but you've got both of them together. So do you want to share about how you're leveraging identity and the challenges and how it's helping you solve for that? Yeah, at UCSF, we are unique. We have health science, education, research, clinical operations, hospitals, ambulatory care. So we have all of those complexities of patient care and life-saving emergencies. And each one of those mission areas has their own unique technologies, practices, regulations. And so what we're shifting to is really just an enterprise way in which we approach identity. And it's based upon enterprise standards, enterprise risk assumption. And that's a very, very different model than what we have today. So today, identity is turned over to an application owner, and an application owner individually in an isolated way will make kind of siloed, role-based entitlement decisions. And that happens a thousand times over every day. And thinking about where we're moving to is really centralized, standard-based identity governance, entitlement management. And that's just a very, very different way that our organization looks at that. And that takes exceptional executive sponsorship. It takes exceptional cultural shifts. But we found it to be so critical to really justify our investment that we're making in identity. And it's the right thing to do, but it's very much a cultural change for us. And it's a business change for us. Right. So it's important in solving for such a complex business with all these things that you talked about. So identity is one of those things where it's not a once and done, right? You're going to, I think you all understand, we all understand here, it needs continuous care and feeding and improvement. But if there was a vision right now for the next three to four years of the future, and you assume you get there, what does that future look like? And what would you like from partners like us and then SailPoint and that partner ecosystem and technology and services to enable that future? I think for us, we're shifting to a model of identity-based decision-making, identity-based security. So it truly is going to be kind of out the foundation of how we conduct our business. And I think there's a recognition that identity is not just kind of a commodity function, like a router or a firewall. It really is a critical path to business innovation. And I think that was an important part of our discussions with our business leaders is just appreciating that when you think of identity, think of it in the same way that you would look at an ERP investment, or how you would approach that from a total business approach to something. And I think we've been successful at that. And we really do count on our partners and our integrators and Deloitte and our technology to really kind of take that customization out of it and let things be kind of out of the box. So it's ready to go with on-premise legacy applications. It's ready to go with IT orchestration and automation from an entire ecosystem perspective, because if that's not provided for us, then it just becomes more and more customization, which really takes us away from our enterprise standardization approach. Right. And that's part of your journey to ISC as well, right? That's why you've gone with the cloud-based approach and kind of bring that standardization to your business and your identity stack. And Blake, I'll go to you with that same question. How do you see the future and what do you need to enable that future for you? Yeah, very similar to where Susan was describing, we're on a very intensive RBAC program with SailPoint and Deloitte. Upan and I have a great working relationship. He has an amazing team supporting us for several years now. But again, tying everything around identity and what roles that you're defined to and then roles to assets and risk and all that. We're going to focus heavy on continuous adaptive identity, access and authorization, really get that risk-based approach. So not only risk and assets, but the risk and identity so that we have that dynamic control, adaptive control on access and remediation. We're going to spend a lot of energy there. I was excited to hear some of the product discussions here this week that align with that. But the dynamic of it in a global workforce and the people change, the change management around it, the risk signals, the risks are changing all the time. We can't do that manually. So a lot of innovation, an amazing team to really look at that risk engine approach, policy-based approach, similar to what you were saying, and drive automation through that so that near real-time access management is really what our goal is. So another way of saying zero trust, continuous adaptive access and authorization and authentication. But we'll be investing a lot in that. I like how you got to zero trust as the outcome rather than the starting point and just going for zero trust sake. So that's interesting. Bhupen, I'll come to you. You've had a unique career path. You've owned your own company. You've been at CISO and now you're with Deloitte. And you've seen identity being core to security and operations. How have you seen that evolution? You heard from Blake and Susan. In your view, how are organizations leveraging identity now? Yeah, let me tell you about the evolution, right? And this has stuck with me. Like Blake mentioned, I started working with Blake two and a half years ago. He wasn't even in cybersecurity. We would pressure him saying, no, we want to do role-based access. We want roles from you. We want this. We want that. This is critical to our cybersecurity. And he stopped me. He said, Bhupen, this is critical to our business model. Stop talking cybersecurity. And I think that's the evolution of identity. This will be your business model. I work with clients all across industry. We're working with a retailer right now. Identity is the central focal point to them changing their associate experience within their in-store delivery model. So when you order online and you go pick up at the store, it is the in-store identity that is enabling all of that. So I feel the next evolution of identity is to enable business model, enable business ideas. And to Blake's point, it is that zero trust outcome of building that trust. As we have more cloud, more AI, identity is going to be your new perimeter. It's going to be the central focal point of your zero trust circle. Right. That's interesting. And that's an interesting pivot to the business outcomes, right, Blake and Susan? You talked about what you're trying to achieve with identity, but it is serving the larger business. It is towards an outcome. And it's not just security, right? It's critical business outcome. It's critical to that. Let me ask about, is that realization throughout the organization? Are you having conversations where you're having to convince your stakeholders and executives around the importance of identity, why investment is needed? And if so, what are some of the strategies that you could share in having that conversation to bring that realization across the organization? Yeah. I mean, there's different levels of convincing, I guess, you know, the influence of security identity in our organization. There was a conversation yesterday about frictionless security or frictionless identity. This space is one of the most friction based ones that we have because people take it personally. How can I not be trusted? Why are you changing how I have to work around my identity at Micron? I've been here forever, for example. And so, those are conversations that are very unique, and we overcome those every time. It's just a matter of understanding business case, what our capabilities are in aligning that. As we move up through the executive suite and our board of directors at Micron anyway, we're pretty fortunate. We have a very engaged board and executive team, but we still owe them risk and business value. So, we have the opportunity to express that, you know, on a quarterly basis, and we tie current events, things they hear in the news, the unfortunate things that are occurring. We associate that to our internal risk, our internal programs, and we explain risk reduction. Now, risk reduction in business value is time to market, speed of business, protecting IP, insider risk, and all the external threats that we have. So, describing that in business value, while maintaining productivity, team member engagement, adoption. I was in a session earlier this week around the adoption is a big challenge. And the ITDR discussion, for example, was adoption, adoption. And so, gaining that trust, gaining value and adoption through working collaboratively with the business, we spend a lot of time directly in our business. I'm blessed with the team that I have. They come from the business. I have a large team that understands how engineers think, they understand how sales people think, and we can really relate and work with them. And then all the way up is that we are doing well, we will do well here, and this is what it's going to do to our product portfolio, our technology strategy, and really connect those dots. And we're blessed with that. Yeah. Susan, do you want to share your views? I would just add that for us at UCSF, UCSF.edu has value. And that name is something that, and that association with that name is something that we safeguard. And our business leaders may not necessarily understand some of the technical nuance of identity versus MFA, et cetera, but they do understand how identity impacts and identity security impacts time to onboard, or risk, or audit, or cost. And so, we were really diligent about appreciating that this was going to take time. It was a journey that we were going to need to take these leaders on and really have the story build upon itself. And second, I would share that we really did put identity and identity security as a critical path to business innovation, digital transformation. It doesn't make a lot of sense to invest so many tens and hundreds of millions in a new RP system if you're not going to base in the foundational way in which you control entitle management. And I don't think it's hyperbolic to say that identity is a critical path to business innovation. That's where we look at it. And I think that's what we hope to have our executive leaders understand that. It's not commodity, it's not an IT function, it's a business function, and it should be approached as such. And I'll just add to that, right? So, Blake started with reduced risk. Susan is talking about enabled business. And the third aspect of that is take technology out of this discussion. Let's not talk about widgets. Let's not talk about, is it in cloud? Is it on-prem? What API am I going to use? I had this conversation when I was young, and they said, but we don't want to know how you farm the potatoes. Like, don't even give us the recipe, right? Just give us the chips, right? And to that point, take technology out of that conversation. Your board wants to know two things. Are you reducing risk? Are you making more money? Give that to them. Take technology out. Let someone else operate it for you. You'll be that business decision maker, and you'll be successful. If there's one thing you can take today is enabled business, don't worry about technology. Yeah. And even if it's your job and you're focused on it, but from an executive and a board perspective, it's really about the business outcomes, and that's how you elevate that. So, the clock's wound down, and it's actually telling me we've run over. So, I had more questions, but we're out of time. Thank you again. Hopefully, the crowd found it insightful as well. Thank you for the conversation.

TL;DR

  • Identity has evolved from a security control to a strategic business enabler, with organizations like Micron and UCSF positioning it as critical to business innovation and digital transformation, not just a commodity IT function.
  • High-risk industries like semiconductors face constant pressure to maintain identity hygiene, continuous validation, and automation at scale, with identity serving as the center of comprehensive control strategies spanning network, systems, data, and physical access.
  • The future of identity focuses on continuous adaptive access management with risk-based, near-real-time controls that support zero trust architectures, moving away from customization toward enterprise standardization and out-of-the-box integration.
  • Executive and board-level conversations about identity should emphasize business outcomes—risk reduction and revenue enablement—rather than technical implementation details, with identity treated as a critical path to business innovation requiring ERP-level strategic investment.

Identity as Business Enabler, Not Just Security Control

This panel discussion features identity leaders from Micron and UC San Francisco sharing how they've repositioned identity from a technical security function to a strategic business enabler. Blake from Micron describes how the semiconductor industry's high-risk profile demands identity hygiene, continuous validation, and automation at scale, with identity now serving as the center of their entire control strategy. Susan from UCSF explains their shift from siloed, application-owner-driven identity decisions to centralized, enterprise-standard identity governance across their complex healthcare, research, and academic operations. Both organizations emphasize that identity is no longer a commodity IT function but a critical path to business innovation, requiring the same strategic approach as ERP investments.

Future Vision: Continuous Adaptive Access and Zero Trust

Looking ahead, both organizations are investing heavily in risk-based, continuous adaptive identity and access management. Micron is implementing intensive role-based access control (RBAC) programs with near-real-time access management capabilities, focusing on dynamic controls that respond to changing risk signals across their global workforce. UCSF is standardizing identity governance to support their digital transformation initiatives, recognizing that foundational identity controls must precede major technology investments. The common thread is moving away from customization toward out-of-the-box enterprise standardization, with identity serving as the new perimeter in zero trust architectures. Deloitte's perspective reinforces that successful identity programs focus on business outcomes—reduced risk and revenue enablement—rather than technical implementation details.

Chapters

0:00 - Introduction and Panel Overview
1:04 - Micron's Identity Challenges and Strategy
3:32 - UCSF's Enterprise Identity Transformation
5:22 - Future Vision: Adaptive Access and Zero Trust
8:58 - Identity Evolution: From Security to Business Model
10:56 - Executive Communication and Business Value
13:22 - Positioning Identity as Business Innovation
15:23 - Closing Remarks

Key Quotes

1:10 "Micron is, I would say, one of the most targeted companies in America at least. The high value assets, high risk. And so we're under constant pressure to remediate, remove, and understand the risk."
2:44 "At Micron, we've made identity the center of our control strategy. So if you have identity in the center, and how does identity tie to the entire ecosystem from network to systems to data to physical control? ..."
5:43 "We're shifting to a model of identity-based decision-making, identity-based security. So it truly is going to be kind of out the foundation of how we conduct our business."
6:01 "There's a recognition that identity is not just kind of a commodity function, like a router or a firewall. It really is a critical path to business innovation."
9:35 "This is critical to our business model. Stop talking cybersecurity. And I think that's the evolution of identity. This will be your business model."
14:18 "I don't think it's hyperbolic to say that identity is a critical path to business innovation. That's where we look at it. And I think that's what we hope to have our executive leaders understand that. It's not commodity, it's not an IT function, it's a business function, and it should be approached as such."

FAQ

How do you convince executives and boards to invest in identity as a strategic priority?

Focus on business outcomes rather than technical details. Executives understand how identity impacts time to onboard, risk reduction, audit compliance, and cost. Position identity as a critical path to business innovation and digital transformation, comparable to ERP investments. Connect identity programs to current events, internal risk reduction, and business value like speed to market, IP protection, and productivity. Take technology out of the conversation and emphasize two key questions: Are you reducing risk? Are you enabling revenue growth?

What does the future of identity management look like for enterprise organizations?

The future centers on continuous adaptive identity and access management with risk-based, near-real-time controls. Organizations are moving toward intensive role-based access control (RBAC) programs with dynamic, policy-based approaches that respond automatically to changing risk signals. This includes identity-based decision-making as the foundation of zero trust architectures, with identity serving as the new perimeter. The emphasis is on enterprise standardization and out-of-the-box integration rather than customization, enabling automation at scale across global workforces.


Categories:
  • » Cybersecurity » Identity & Access Management (IAM)
  • » Cybersecurity » Zero Trust
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Identity & Access
  • Zero Trust
  • Executive Briefing
  • Best Practices
  • Compliance & Governance
  • Identity Governance
  • Zero Trust Architecture
  • Role-Based Access Control
  • RBAC
  • Continuous Adaptive Access
  • Identity Hygiene
  • Enterprise Standardization
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: SailPoint: Elevating Identity from Security Function to Business Priority

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Worthy Security Team for Unmatched Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-worthy-security-team-for-unmatched-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-safeguarding-ai-accessible-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies for Effective Data Privacy and Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection/
              • 07/22/2026
                01:00 PM
                07/22/2026
                Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Worthy Security Team for Unmatched Defense

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        22

                        Insights and Strategies for Effective Data Privacy and Protection

                        07/22/202606:30 AM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version