Why Cigna Chose Startup For Key Security Function

Getting a foot in the door of big business is the hardest part of being a tech startup. So how did <a href=http://www.aveksa.com/>Aveksa</a>, a 3-year-old software company, land a deal with <a href=http://www.cigna.com/>Cigna</a>? It had the right application at the right time to help the health insurer fill a gap in its IT security strategy.

John Foley, Editor, InformationWeek

October 26, 2007

3 Min Read
InformationWeek logo in a gray background | InformationWeek

Getting a foot in the door of big business is the hardest part of being a tech startup. So how did Aveksa, a 3-year-old software company, land a deal with Cigna? It had the right application at the right time to help the health insurer fill a gap in its IT security strategy.Aveksa's Enterprise Access Governance Suite helps companies bring discipline to the haphazard process of determining which employees get access to which applications and databases. Aveksa's apps aren't security products, per se. They're business-process tools that work in conjunction with identity management, authentication, and authorization products.

As it happens, that's exactly what Cigna's chief information security officer Craig Shumard needed to put the finishing touches on a role-based access control system that Cigna began developing five years ago. Cigna had the security layer in place, but was lacking a good way to automate and manage "entitlements," or data access privileges based on an employee's position and responsibilities. "There weren't any tools on the market to assist us with that," says Shumard.

Cigna's got 26,000 employees, 22,000 PCs, 9,000 laptops, thousands of applications, and 140 terabytes of data, so tracking who gets access to what was no small problem. Then Aveksa came along. Significantly, Aveksa was no garage shop operation started by two college buddies (though that approach sometimes works, too). Aveksa's founder and CEO, Deepak Taneja, was the former CTO of Netegrity, an ID management software company acquired by CA in 2004. Other members of Aveksa's management team, including VP of engineering Jim Ducharme and VP of sales Patrick Welch, also hailed from Netegrity and CA.

In other words, though Aveksa was a startup, it's top execs had deep expertise in data access management and plenty of experience working with IT departments in midsize and large companies. There were professional connections, too. Cigna's IT security folks had worked with Aveksa people in the past, before Aveksa was ever created. "Relationships count," says Shumard.

Aveksa still had to convince Cigna that its software was up to snuff. Cigna put the startup's technology through extensive testing, while Cigna's sourcing department looked at Aveksa's viability as an early stage company. With $6 million in series A funding from Charles River Ventures and Pequot Ventures, Aveksa got the thumb's up. Aveksa announced the deal with Cigna in June.

Also working in Aveksa's favor was Shumard's willingness to put his trust in a startup, a proposition some IT executives consider too risky. Shumard explains he's merely trying to find the best products to create an air-tight security infrastructure and that sometimes requires working with emerging technologies and companies. "Changes in technology are coming faster than some of the big guys can move," he says.

When the job is to protect data from many and growing threats, security pros aren't inclined to wait for more established software vendors to deliver what they need. "I've got a lot of pressures on me from our business people looking to enable our business securely," Shumard says. Business pressures often translate into technology opportunities. Aveksa seized this one.

About the Author

John Foley

Editor, InformationWeek

John Foley is director, strategic communications, for Oracle Corp. and a former editor of InformationWeek Government.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights