5 Comments

Summary:

Aveksa’s identity tracking smarts and workflow will turn the keys of ID management over to line-of-business owners, instead of IT, says RSA’s Nirav Mehta.

Vault opening
photo: Shutterstock / Maxx-Studio

If you think it’s a dull day on the M&A front, wait a second and EMC (or Oracle or IBM will buy something. Today, it’s EMC’s turn with news of its acquisition of Aveksa, a specialist in identity and access management technology that will be folded into EMC’s RSA Security group. EMC bought RSA in 2006 for over $2 billion.

Both companies said Aveksa will fit nicely into the rest of RSA’s product stable. According to the statement announcing the deal Aveksa “spans multiple, heterogeneous IT systems for both on-premise and SaaS systems, and is designed to be easily integrated into an enterprise’s infrastructure.” So there.

Bedford, Mass.-based RSA had focused largely on access management, authentication and authorization, “but this brings us more identity management and intelligence,” said Nirav Mehta, director of product management for RSA. “Aveksa handles everything about the user life cycle, how their change in roles are managed and how business context affects their permissions and tracks all that through the life cycle.” he added.

For example, Aveksa does more than look at the directory to see which users are in which groups but compares permissions of users to spot anomalies. If I report to Joan Doe and Harry also reports to Joan Doe, but I have permissions to things he does not, that would be flagged as an outlier and sent up the food chain to Joan to see if something is amiss. That  automated workflow and the ability it gives business owners — as opposed to IT pros — to monitor who gets access to what, are Aveksa’s strengths, he said.

RSA already licenses and resells Radiant Logic’s Virtual Directory which handles ID management and will continue to do so because RSA sees the two tools as complimentary. Virtual Directory stores all that data but Aveksa is the brains to sort through it, he said.

Terms of this acquisition were not disclosed but The Times of India estimates EMC paid about $225 million for Aveksa, which was founded in 2004 by Deepak Taneja, former CTO and executive VP of Netegrity, now part of CA.

Speaking broadly, the mandate for security providers like RSA and competitors including IBM and Symantec, is to bring big data and analytics to bear on the security problem that besets us now in a world of cloud-distributed workloads and multiple user devices. The goal is not to eliminate risk — which even RSA executive chairman Art Coviello has said is impossible — but to close the gap between an intrusion or other event and the response to that event.

Products like Aveksa can help attain that end by ensuring that users of corporate assets are in fact entitled to do so.

 

  1. Aveksa’s product is lacking a quite a bit (not even in the Gartner Magic Quadrant for provisioning), so I don’t think this was a home run for RSA.

    Share
    1. i don’t place all that much stock in magic quadrant and i don’t know re. provisioning but aveksa does appear to be in the GMQ, at least according to a post by a competitor.

      http://www.sailpoint.com/landing-pages/gartner-IAG-magic-quadrant/

      Share
      1. That is the Identity Governance Quadrant which is essentially GRC with a the ability to tie into a native Provisioning tool also offered by the vendor (hence why NetIQ is not on the list). The criteria was first and foremost to have a GRC tool. Secondary was Provisioning of which Aveksa (and Sailpoint) have what amounts to a 1.0 release (and lots of vaporware). In the provisioning space Aveksa’s tool is crap at best. In the GRC space it isn’t too shabby, just a LOT of bugs however SailPoint is just as buggy.

        Share
      2. You’re looking at the wrong MQ Barb.

        Share
  2. I would whole heartedly agree with Anton on this one.

    Share

Comments have been disabled for this post