How We Do It

Aveksa approaches access governance from a unique perspective, since we're designed from the ground-up to solve the challenges and scale inherent in access governance.  Unlike other solutions, which may have evolved into access governance from another, adjacent space, we were designed to address access governance from day 1. This is reflected in many of the design points of our ControlXS™ architecture.

As a purpose-built solution, we're designed to handle the data types, complexity, and messiness inherent in typical enterprise environments. And, we can scale to efficiently handle millions of identities, accounts, and entitlements. In fact, many of our customers have millions of entitlements under management, at some of the world's biggest and most complex enterprises.

At the heart of our architecture is the Access Management Database (XMDB™).  Our XMDB uniquely provide organizations with a centralized, reliable source of truth about who has access to what in the enterprise -- across all applications and data sources. As a purpose-built solution, we can scale to handle the number of identities, accounts, and entitlements under management at even the largest enterprises.

Ultimately, we enable IT to shift responsibility and accountability for making access decisions to the people in the organization who have the best knowledge and context – the line of business.  Thinking clearly about it, it's simply not right to ask IT or InfoSec to make access decisions about hundreds or thousands of users, who they know very little about. The right people to make these decisions are the business managers…the users' supervisors. Our solution, the Aveksa Access Governance Platform, is made of up four modules, which allow customers to incrementally approach Access Governance:

• Aveksa Compliance Manager – providing visibility of entitlements across all relevant applications, platforms, and data sources in the enterprise, and managing the overall process for compliance reviews. This module also includes the capability to define policies, such as Segregations-of-Duties rules, or policies about how to handle organizational Joiners, Movers, and Leavers
• Aveksa Role Manager – providing the ability to discover (mine) roles based on existing relationships between users and entitlements, as well as the ability to define and manage new roles.  Roles can significantly help simplify the effort of access governance, by building on the previous phases. 
• Aveksa Access Request and Change Manager – providing a business-user-centric access request portal, so that end users can quickly and easily request access to new entitlements, while dynamically checking for policy violations against requested access, and providing a complete auditable metrics for all activities.
• Aveksa Data Access Governance – extending access governance to unstructured data, including SharePoint sites and Windows file shares.  Organizations increasingly recognize the need to extend their access governance solutions to cover not just critical applications, but critical data as well, driven both by compliance and security needs.  This module companies to apply Aveksa's scalable and purpose-built platform into this new realm.