EMC’s RSA Unit Grows IAM Capabilities With Aveksa Buy

By Jeffrey Burt  |  Posted 2013-07-09

EMC’s RSA Unit Grows IAM Capabilities With Aveksa Buy

EMC is bolstering the identity and access management capability of its RSA security division with the acquisition of Aveksa, a private company whose products offer greater intelligence and business context in determining who gets access to what corporate data.

Enhancing the intelligence and business context capabilities in identity and access management (IAM) is increasingly important given the growth of cloud computing, mobility and application-centric computing, and the rising number of devices employees use to access company resources, according to officials with the storage giant.

"IAM systems today are akin to an athletic human body with an undeveloped brain. I have not talked with a single customer lately who is satisfied with their current IAM deployment," Nirav Mehta, director of product management, identity and data protection at RSA, wrote in a July 8 posting on the security division's blog site. "IAM must be retooled at its very foundation. We need to add intelligence and business context at the heart of IAM. It all starts with the user. If we get a solid handle on 'who' the user really is in the business context and 'what' they should have access to, all downstream functions like authentication and provisioning will be much more effective."

That was the key driver for the Aveksa acquisition, Mehta wrote, adding that the "company and product is built ground up with the notion that ownership of identity management must move from IT departments to primary ownership by business owners."

EMC and RSA announced the acquisition July 8. No financial details were released. Aveksa will become part of RSA's Identity Trust Management product group.

The acquisition will enable EMC and RSA to better compete with larger IAM players such as IBM, CA and Oracle, as well as vendors like Dell, which boosted its capabilities last year with the acquisition of Quest Software.

Forrester Research analyst Andras Cser said in a July 9 post on the firm's blog that he expects RSA to eventually consolidate its access management portfolio and become a larger factor in the cloud-based IAM space with a fully hosted offering, akin to what CA offers with CloudMinder.

"What it means: After years of consolidation and vendors bailing out of the space (HP, BMC, etc.), we will have one more vendor to choose from in the complete, full-functionality IAM suites market," Cser wrote. "This will create greater competition and more innovation."

The issue of authenticating, authorizing and identifying users' access to corporate resources has become more critical and complex, according to EMC officials, due in large part to the growth of cloud computing. Where once a single sign-on was needed to give users access to a corporate network, now a range of authentications are needed to give users access to applications and data, from multiple devices, and across on-premises and cloud-based infrastructures.


EMC’s RSA Unit Grows IAM Capabilities With Aveksa Buy

Legacy IAM solutions, which lack the intelligence and business context capabilities, can't handle such demands and puts data at higher risk, officials said. In addition, they tend to be IT-driven, while the need now is to shift to a more business-driven model that can address what EMC officials call "situational perimeters," ensuring that organizations can enforce security regardless of how, where or when a user looks to access corporate resources.

"The adoption of cloud-based IT infrastructures and the pervasive use of mobile means that security organizations are being asked to secure and provide access to assets they don't own, manage, or control," RSA CEO Art Coviello said in a statement. "Without the deep intelligence able to provide insight into what users should and should not have access to, traditional tools that simply automate IAM leave organizations exposed to the risk of excessive privilege, data breaches and regulatory non-compliance."

With Aveksa in house, RSA will be able to automate the user identity lifecycle from a business-driven—rather than IT-driven—perspective, according to EMC officials. Aveksa brings with it a unified dashboard that enables and manages access while enforcing identity and access policies throughout the enterprise and the cloud.

According to Deepak Taneja, Aveksa co-founder and CTO, the company's initial goal was to make identity management business-driven.

"By automating business processes for access review, access policy management, role management, and policy-driven access request, our customers were able to deliver access to the business more efficiently, while ensuring that all user access met security and compliance requirements," Taneja wrote in a post on the Aveksa blog. "More recently, Aveksa expanded our offering to include Provisioning and Cloud solutions. With governance, provisioning, and cloud capabilities combined into one IAM platform, we've redefined what enterprises need from an IAM vendor—a simple 'one-brain' IAM solution that's easy for the business to use, for IT to manage and for audit, risk and compliance teams to drive and test."

Joining with RSA will give the Aveksa the technology, support and reach it didn't have as a stand-alone company, he wrote.

"By cohesively integrating these elements into a single vendor solution, enterprises can transform how they're solving their IAM challenges," Taneja wrote. "With intelligence-driven security, customers can connect insight from roles, processes, and security-oriented Big Data to enable better prevention, visibility, prioritization, detection and response to risk and real-time threats."


Rocket Fuel