Every now and again, I run into a company that uses unfamiliar jargon to describe their product or service. Aveksa
is just such a company. Jason Garbis, VP of Product Management for
Aveksa, reached out to me recently to bring me up to date on the
company's notion of "Access Governance Automation software."
Here's what Aveksa has to say
Aveksa 4.0 enables organizations to deploy an automated, continuous process for managing and governing user access to information resources that reduces IT complexity, increases operational efficiency and provides the business with an intuitive access request service. With Aveksa 4.0 in place, organizations can efficiently address access request, fulfillment and regulatory compliance demands through a set of collaborative processes that:
- Automates manual tasks to reduce IT operational overhead
- Enforces accountability & automates controls to manage access risk
- Provides the auditable evidence of compliance & embeds governance in process
- Creates effective processes for access request & change management that speeds up delivery
- Integrates with existing identity management & IT service management technologies
Snapshot analysis
I came into the discussion with thoughts of access management products coming from IBM, Microsoft, HP, Novell and others dancing in my head. At first, Aveksa's product appeared to be a combination of a single sign-on package, directory services, access management and reporting on how individuals are using an organization's IT resources.
As I learned more, Aveksa appears to be targeting the requirements public companies and companies in regulated industries have to manage access. Jason and I discussed situations in which an employee left a company and still had access to critical systems for months afterward. This, we both agreed, was due to the fact that many companies don't have automated procedures to add staff and consultants to all of the systems they need to access. Nor do they have an automated procedure to decommission or change system access privileges when someone leaves the company or leaves and then comes back as a consultant.
When these companies are audited, they often find themselves in trouble because this process is managed by little slips of paper sent via interoffice mail and are then transcribed into a spreadsheet. The spreadsheet is then given to an IT administrator that manually changes account access.
Aveksa believes that it is much better that organizations use an automated process that allows business unit managers to control the process for their own staff and consultants. That way, access privileges could be changed the day that a staff member's or consultant's status changed. That way, gaping holes in the organization's security profile could be managed.
I found myself won over from being very skeptical to understanding where and how this would fit in a company's security and governance procedures. I believe that if your organization is a public company or a company in a regulated industry that Aveksa would be worth knowing.