RSA using buyouts to broaden its authentication and ID management scope

RSA, through parent company EMC, has acquired two companies in the span of a month that could have a big impact on the future of its authentication and identity-management security products and services, especially for mobile devices.

Acquired in early July, Aveksa brings to RSA a way to provide business-focused identity and access management, provisioning and single sign-on (SSO), both via on-premises software and cloud-style, with support for mobile devices. And just yesterday, year-old San Francisco start-up PassBan, whose products are still in beta, was scooped up by EMC to add to RSA's stable of new technologies. In PassBan's case, RSA obtains new biometrics and location-based authentication with a focus on mobile devices.

[Top Tech Industry M&A Deals of 2013]

PassBan's beta technologies even include a wearable "smart wristband" that could play the role of an alternative to a hardware-based  authentication token or key fob, says Manoj Nair, senior vice president of RSA's identity trust manager business. While RSA is not at the point of publicly putting forth a formal road map for what it will do with Aveksa and PassBan, Nair offered a glimpse into RSA's ideas, which are decidedly oriented toward mobile devices and their management.

RSA is known today for its SecurID one-time password tokens, which can be used in either hardware or software form for a wide range of computer and mobile platforms. PassBan technologies are being eyed as a means to blend in voice and face biometrics, along with other identity authentication variables that could include motion and location, in addition to passwords.

Aveksa's appeal as a vendor of provisioning, de-provisioning and SSO products for the enterprise is that its offerings can be used to look at entitlements and privileges and determine if users' access rights are appropriate, Nair says. Aveksa technology will soon be integrated to share information with Archer, RSA's governance and risk management product.

Aveksa identity management is also expected to play a role in RSA's push into data analytics for security purposes-- what's sometimes called "Big Data Security," an emerging area where large amounts of information are combined to detect and analyze security issues.

RSA introduced its Security Analytics appliance in January, blending its security information and event management (SIEM) product enVision with its threat-monitoring NetWitness offering. Add in Aveksa, "you can bring the actual entitlement information, feed it into the platform and use what the user is doing and what they're entitled to," Nair says. One example would be if the user appears to be going beyond an expected boundary, it could be flagged with a security warning to a manager.

In short, Aveksa and PassBan offer technologies that will be integrated in various ways to expand RSA's security products and services especially for Android, Apple and all the mobile-device platforms, though the Aveksa and PassBan brand names will likely fade to become RSA-branded in the future.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

Read more about wide area network in Network World's Wide Area Network section.