On July 8, we announced that EMC has acquired Aveksa, a leader in Business-driven Identity and Access Management (“IAM”) to join the RSA security division. It’s an opportunity to help our customers take a fresh look at what a new, “Adaptive IAM” approach can do for them, as they deal with increased infrastructure complexity, demanding access requirements from lines-of-business and a dramatically escalating threat landscape. We continually hear from customers that they need more than what their traditional tools are providing as they struggle to meet their security, compliance or efficiency goals.
We see customers working to keep up with today’s hybrid enterprise, as the disruption of cloud and mobile (BYOD) on traditional IT means information teams are working harder than ever to manage the end-user identity lifecycle. The volume and variety of users, the rate at which roles and permissions change, and the wide swath of channels and applications they need to access (which may or may not be managed and secured by the enterprise) means that customers need and in fact demand a shift to a more user-oriented model, driven by intelligence.
Today’s hybrid computing models highlight the need to make rich user profiles and identities the most relevant controls in the absence of traditional on-device and network security technologies. They are demanding an adaptive model that can establish agile and scalable “situational perimeters” to help organizations dynamically protect access to valuable corporate resources and sensitive data.
Aveksa Video: What is business-driven Identity & Access Management?
In order to achieve this vision, we need to add intelligence and business context at the root of IAM deployments. When deep identity context drives all other IAM functions like provisioning, authentication and authorization, those functions are much more effective and we can actually reduce risk and improve the overall security posture, even as the scale of IAM deployments goes up steadily.
Beyond IAM, the positive effects of identity intelligence extend to risk/threat management and management and compliance efforts of organizations. For example, RSA’s Archer GRC platform can benefit significantly from high quality identity context as it monitors compliance to regulations that require only users in specific roles have access to sensitive or private data. We also see an opportunity for RSA’s Security Analytics platform to use identity intelligence to correlate activity logs with user entitlements as another way to detect anomalous or risky behavior.
We see real “1+1=3” opportunities here for customers who wish to unlock maximum value in their security investments. There’s no denying that cloud and mobile technology has been a boon for IT and the Internet, but it has introduced a “new identity crisis.” RSA and Aveksa together will enable organizations to establish a high fidelity source of identity information and use that information pervasively across all security functions to make security much more effective. We are now very well positioned to help our customers accelerate their use of cloud and mobile technologies, by using our Adaptive IAM approach as a critical enabler, to ensure security and compliance across the hybrid enterprise.