Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=202601674
Data breaches and insider threats -- what's a company to do? Rigorous enforcement of data access policies is part of the answer. Aveksa's software lets IT managers establish data access privileges and manage who gets access to which applications. Business managers, security pros, and compliance specialists collaborate in the process.
Taneja's Aveksa helps brings order to chaos
Data access management is a best practice in IT governance. Data access privileges, or entitlements, are determined by an employee's "role." In large companies, there can be thousands of roles and billions of entitlements, and they change constantly. Aveksa brings order to this chaos, reducing risk while helping companies comply with regulatory requirements.
Aveksa's software is not a security application. It leaves identity management, authentication, authorization, and provisioning to products designed for those purposes. CEO Taneja refers to such tools--sold by CA, IBM, Sun, Netegrity, and others--as the security-enforcement layer. They control user access to information. Aveksa's software is a governance layer that complements such gatekeeping tools. Says Taneja, "We think of it as a business application that deals with security data."
CEO Taneja was formerly CTO of ID management vendor Netegrity, acquired by CA in 2004. Ducharme, Welch, and other members of Aveksa's management team are of Netegrity-to-CA lineage.
The Aveksa 3 suite, due for release in November, comprises two applications. An update to the existing Aveksa Compliance Manager--which automates monitoring of and reporting on user access rights--features enhanced detection of identity changes and new capabilities for change management and auditing. The new Aveksa Role Manager lets security pros, compliance personnel, and business managers work together in defining roles; capabilities include role discovery, modeling, and certification.