A big part of the problem with access control specifically and governance, risk management and compliance (GRC) in general is that it's too complicated to manage.
Everybody knows that access control is a major security and compliance issue. But the level of granular control required to easily manage access control has proven to be elusive. The end result is that internal IT people have access to almost everything, and people who were given access to certain files and documents years ago still have access to that data even though their job functions have changed multiple times over. Worse yet, people who have left the company long ago could still theoretically log into a server using the same passwords they had when they were an employee.
To address this issue, Aveksa has developed a suite of access control and compliance management tools that Aveksa CEO Vick Vaishnavi says gives managers the granular control they need to set policies and then easily manage them by, for example, removing access rights from an individual that can then automatically be applied across any and all applications and systems.
Vaishnavi says Aveksa accomplishes all this by deploying a metadata server that keeps track of all the relationships between users, their role in the organization and the applications and files they have the right to access.
Furthermore, Vaishnavi says the Aveksa suite of tools includes a discovery engine that allows an organization to easily discover all the entitlements and dependencies that individuals have across the organization. Once that process is initiated, it's not too long before the compliance process starts to become a whole lot more manageable.
Because organizations don't have an easy way to manage GRC, Vaishnavi says that toxic situations are routinely created that are only waiting to be discovered during an audit process or, worse yet, exploited by someone trying to do material harm to the organization.
When it comes to GRC, most organizations intrinsically want to do the right thing; it's just that doing the right thing right now often proves to be just too difficult.