EMC’s RSA Unit Grows IAM Capabilities With Aveksa Buy

The acquisition will give RSA more business-driven identity and access management tools that can span on-premises and cloud environments.

EMC is bolstering the identity and access management capability of its RSA security division with the acquisition of Aveksa, a private company whose products offer greater intelligence and business context in determining who gets access to what corporate data.

Enhancing the intelligence and business context capabilities in identity and access management (IAM) is increasingly important given the growth of cloud computing, mobility and application-centric computing, and the rising number of devices employees use to access company resources, according to officials with the storage giant.

"IAM systems today are akin to an athletic human body with an undeveloped brain. I have not talked with a single customer lately who is satisfied with their current IAM deployment," Nirav Mehta, director of product management, identity and data protection at RSA, wrote in a July 8 posting on the security division's blog site. "IAM must be retooled at its very foundation. We need to add intelligence and business context at the heart of IAM. It all starts with the user. If we get a solid handle on 'who' the user really is in the business context and 'what' they should have access to, all downstream functions like authentication and provisioning will be much more effective."

That was the key driver for the Aveksa acquisition, Mehta wrote, adding that the "company and product is built ground up with the notion that ownership of identity management must move from IT departments to primary ownership by business owners."

EMC and RSA announced the acquisition July 8. No financial details were released. Aveksa will become part of RSA's Identity Trust Management product group.

The acquisition will enable EMC and RSA to better compete with larger IAM players such as IBM, CA and Oracle, as well as vendors like Dell, which boosted its capabilities last year with the acquisition of Quest Software.

Forrester Research analyst Andras Cser said in a July 9 post on the firm's blog that he expects RSA to eventually consolidate its access management portfolio and become a larger factor in the cloud-based IAM space with a fully hosted offering, akin to what CA offers with CloudMinder.

"What it means: After years of consolidation and vendors bailing out of the space (HP, BMC, etc.), we will have one more vendor to choose from in the complete, full-functionality IAM suites market," Cser wrote. "This will create greater competition and more innovation."

The issue of authenticating, authorizing and identifying users' access to corporate resources has become more critical and complex, according to EMC officials, due in large part to the growth of cloud computing. Where once a single sign-on was needed to give users access to a corporate network, now a range of authentications are needed to give users access to applications and data, from multiple devices, and across on-premises and cloud-based infrastructures.