New application lets security pros, compliance specialists, and business managers collaborate in roles-based governance.

John Foley, Editor, InformationWeek

October 26, 2007

2 Min Read

Data breaches and insider threats -- what's a company to do? Rigorous enforcement of data access policies is part of the answer. Aveksa's software lets IT managers establish data access privileges and manage who gets access to which applications. Business managers, security pros, and compliance specialists collaborate in the process.
--John Foley AVEKSA HEADQUARTERS: Waltham, Mass.

PRODUCT: Aveksa Enterprise Access Governance Suite

PRINCIPALS: Deepak Taneja, co-founder and CEO; Dan Peterson, co-founder, VP of field engineering; Jim Ducharme, VP of engineering; Patrick Welch, VP of sales

INVESTORS: Charles River Investors, Pequot Ventures

EARLY CUSTOMERS: Amscan, Cigna, XL Capital

Deepak Taneja, co-founder and CEO, Aveksa

Taneja's Aveksa helps brings order to chaos

THE NAPKIN PITCH Data access management is a best practice in IT governance. Data access privileges, or entitlements, are determined by an employee's "role." In large companies, there can be thousands of roles and billions of entitlements, and they change constantly. Aveksa brings order to this chaos, reducing risk while helping companies comply with regulatory requirements. WHAT IT'S NOT Aveksa's software is not a security application. It leaves identity management, authentication, authorization, and provisioning to products designed for those purposes. CEO Taneja refers to such tools--sold by CA, IBM, Sun, Netegrity, and others--as the security-enforcement layer. They control user access to information. Aveksa's software is a governance layer that complements such gatekeeping tools. Says Taneja, "We think of it as a business application that deals with security data." BACKGROUND CEO Taneja was formerly CTO of ID management vendor Netegrity, acquired by CA in 2004. Ducharme, Welch, and other members of Aveksa's management team are of Netegrity-to-CA lineage. WHAT'S NEW The Aveksa 3 suite, due for release in November, comprises two applications. An update to the existing Aveksa Compliance Manager--which automates monitoring of and reporting on user access rights--features enhanced detection of identity changes and new capabilities for change management and auditing. The new Aveksa Role Manager lets security pros, compliance personnel, and business managers work together in defining roles; capabilities include role discovery, modeling, and certification. TIMELINE Timeline Chart Read InformationWeek's Startup City blog

About the Author(s)

John Foley

Editor, InformationWeek

John Foley is director, strategic communications, for Oracle Corp. and a former editor of InformationWeek Government.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights