If you think it’s a dull day on the M&A front, wait a second and EMC (or Oracle or IBM will buy something. Today, it’s EMC’s turn with news of its acquisition of Aveksa, a specialist in identity and access management technology that will be folded into EMC’s RSA Security group. EMC bought RSA in 2006 for over $2 billion.
Both companies said Aveksa will fit nicely into the rest of RSA’s product stable. According to the statement announcing the deal Aveksa “spans multiple, heterogeneous IT systems for both on-premise and SaaS systems, and is designed to be easily integrated into an enterprise’s infrastructure.” So there.
Bedford, Mass.-based RSA had focused largely on access management, authentication and authorization, “but this brings us more identity management and intelligence,” said Nirav Mehta, director of product management for RSA. “Aveksa handles everything about the user life cycle, how their change in roles are managed and how business context affects their permissions and tracks all that through the life cycle.” he added.
For example, Aveksa does more than look at the directory to see which users are in which groups but compares permissions of users to spot anomalies. If I report to Joan Doe and Harry also reports to Joan Doe, but I have permissions to things he does not, that would be flagged as an outlier and sent up the food chain to Joan to see if something is amiss. That automated workflow and the ability it gives business owners — as opposed to IT pros — to monitor who gets access to what, are Aveksa’s strengths, he said.
RSA already licenses and resells Radiant Logic’s Virtual Directory which handles ID management and will continue to do so because RSA sees the two tools as complimentary. Virtual Directory stores all that data but Aveksa is the brains to sort through it, he said.
Terms of this acquisition were not disclosed but The Times of India estimates EMC paid about $225 million for Aveksa, which was founded in 2004 by Deepak Taneja, former CTO and executive VP of Netegrity, now part of CA.
Speaking broadly, the mandate for security providers like RSA and competitors including IBM and Symantec, is to bring big data and analytics to bear on the security problem that besets us now in a world of cloud-distributed workloads and multiple user devices. The goal is not to eliminate risk — which even RSA executive chairman Art Coviello has said is impossible — but to close the gap between an intrusion or other event and the response to that event.
Products like Aveksa can help attain that end by ensuring that users of corporate assets are in fact entitled to do so.