EMC Corp. has acquired Aveksa, a provider of identity and access management (IAM) solutions, saying the purchase will enhance RSA's current offerings in the identity and access management space.
It was vital for RSA to choose a mature IAM partner to enable it to compete with the new generation of cloud-focused identity management providers.
principal security analyst, Ovum
This was a "long-overdue acquisition, and one that RSA needed so it can compete at the highest levels in an identity management market set to undergo dramatic changes during the next two years," said Andy Kellett, principal security analyst at Ovum. "It was vital for RSA to choose a mature IAM partner to enable it to compete with the new generation of cloud-focused identity management providers."
As authentication and identity management become more tightly interwoven and increasingly complex in cloud-based, application-centric environments, the days of each user having a single authentication to an enterprise network are rapidly coming to an end. Now, dozens of authentications to applications and related data are required for multiple-user devices, across cloud and on-premises infrastructures.
While the task of ensuring that users have appropriate access to enterprise resources has traditionally been IT-driven, it relies on legacy IAM solutions to enforce policies, processes, procedures and applications. The lack of intelligence and business context with these legacy solutions can lead to an increased risk of data breaches, noncompliance and excessive privilege, according to RSA.
With Aveksa under its wing, RSA claims it will be able to provide enterprises with the ability to automate the complete identity lifecycle of users from a business-driven perspective and turn traditional IAM systems into more intelligent and scalable "situational perimeters."
"It's a combination of what RSA has already been pushing in terms of an intelligence-driven security approach," said Manoj Nair, senior vice president and general manager at RSA. "Aveksa has done pioneering work in identity intelligence and transformed the traditional IAM space by introducing identity intelligence and governance. We're going to take it to the next level now."
They'll get to that next level by "bringing in the most important aspect of user behavior: what privileges users have versus what they need," Nair explained. "When we combine what we can do today from a governance, risk and compliance perspective in a business context, it gives you a 360-degree view of your infrastructure and enterprise."
Down the road, as RSA and Aveksa roll out their authentication platform with risk-based techniques, combined with intelligence in terms of actual user behavior and a user-entitlement view, "you'll see some very interesting potential," Nair said.