I don't generally like to discuss specific vendors - especially if I don't have a strong relationship with them. But I saw a press release last week that was titled Aveksa Radically Changes the Economics of Identity and Access Management. I have to admit that I probably grimaced and thought "radically changes... seriously? Are they kidding?" The release stated that they introduced a new product called Access Fulfillment Express that's going to break "the cycle of heavy investments". I sarcastically thought "Yeah, sure it is."
I know Aveksa to be good within their sweet spot - Access Governance across enterprise applications - but I didn't think of them as an influential player in Identity Management (provisioning) probably because I knew they integrated with most of the major IAM vendors for provisioning tasks. So, I was pretty skeptical that they'd be doing anything that "radically changes the economics" of an IAM project. That was, until today when I had an opportunity to speak with someone from Aveksa.
Consider my tune changed.
One of the most complicated parts of any IAM deployment traditionally has been the development of the connectors. The connectors establish the link to the target systems and define the rules by which data will be managed. There's a lot of work on both the business side and technical side to get the connectors working properly. The connector work often makes or breaks the entire IAM system.
So, what has Aveksa done to the connectors to improve upon them? Essentially, they've dumbed them down. If the connector is JUST a connector and doesn't have all that business logic built in, the process of deploying a connector becomes much easier. They called them Lightweight Adapters. It's analogous to a set of APIs that can carry out whatever commands are sent to them. And the commands, then, and business logic, is managed by the application.
IAM solutions originated as complex systems of connectors that later bolted on a UI to provide workflow. By starting with the UI as the real business value, Aveksa may have stumbled upon (or brilliantly planned?) a way to radically simplify deployment and management of IAM solutions.
NOTE: I haven't vetted Aveksa's approach in any detail. I haven't deployed the solution or even looked at the documentation, but I thought the shift in approach was worthy of discussion.