As it happens, that's exactly what Cigna's chief information security officer Craig Shumard needed to put the finishing touches on a role-based access control system that Cigna began developing five years ago. Cigna had the security layer in place, but was lacking a good way to automate and manage "entitlements," or data access privileges based on an employee's position and responsibilities. "There weren't any tools on the market to assist us with that," says Shumard.
Cigna's got 26,000 employees, 22,000 PCs, 9,000 laptops, thousands of applications, and 140 terabytes of data, so tracking who gets access to what was no small problem. Then Aveksa came along. Significantly, Aveksa was no garage shop operation started by two college buddies (though that approach sometimes works, too). Aveksa's founder and CEO, Deepak Taneja, was the former CTO of Netegrity, an ID management software company acquired by CA in 2004. Other members of Aveksa's management team, including VP of engineering Jim Ducharme and VP of sales Patrick Welch, also hailed from Netegrity and CA.
In other words, though Aveksa was a startup, it's top execs had deep expertise in data access management and plenty of experience working with IT departments in midsize and large companies. There were professional connections, too. Cigna's IT security folks had worked with Aveksa people in the past, before Aveksa was ever created. "Relationships count," says Shumard.
Aveksa still had to convince Cigna that its software was up to snuff. Cigna put the startup's technology through extensive testing, while Cigna's sourcing department looked at Aveksa's viability as an early stage company. With $6 million in series A funding from Charles River Ventures and Pequot Ventures, Aveksa got the thumb's up. Aveksa announced the deal with Cigna in June.
Also working in Aveksa's favor was Shumard's willingness to put his trust in a startup, a proposition some IT executives consider too risky. Shumard explains he's merely trying to find the best products to create an air-tight security infrastructure and that sometimes requires working with emerging technologies and companies. "Changes in technology are coming faster than some of the big guys can move," he says.
When the job is to protect data from many and growing threats, security pros aren't inclined to wait for more established software vendors to deliver what they need. "I've got a lot of pressures on me from our business people looking to enable our business securely," Shumard says. Business pressures often translate into technology opportunities. Aveksa seized this one.