The customer success stories, industry partnerships, market predictions, etc. drumbeat for IT Governance, Risk and Compliance Management (IT GRC) continues to get louder and louder. Just caught this article over on TechTarget "Security Management 2008 - What's in Store." About halfway through Mike highlights the GRC space.
-snip-
Hopefully, security professionals will finally come to grips with the discipline that is preparing for an audit, which will result in an opportunity for vendors that provide so-called GRC products -- glorified reporting and workflow packages meant to automate the compliance process. These products allegedly automate the data gathering and reporting processes, so managers don't have to spend days (or weeks) preparing for the audits. Clearly that is a problem for security professionals that should be doing something more productive than preparing for an audit. It pains me to think that we'll need to implement yet another point product to solve a problem, but it is what it is.
-snip-
Even though skeptical, I'll take that as an endorsement for GRC in 2008! Mike give us a shout if you would like a demo, discussion and even an introduction to talk to customers using it.
2007 was a great year of education on the value of IT GRC and we hope/expect 2008 to be where customer implementations of this security automation take off! The ROI and team efficiency gains are tremendous, it also reduces the headaches and frustrations security team members get when having to prepare for audits.
Oh yeah, here is part one of this blog title "2008 - The Year of IT Risk Management" just in case you missed it.
-snip-
Hopefully, security professionals will finally come to grips with the discipline that is preparing for an audit, which will result in an opportunity for vendors that provide so-called GRC products -- glorified reporting and workflow packages meant to automate the compliance process. These products allegedly automate the data gathering and reporting processes, so managers don't have to spend days (or weeks) preparing for the audits. Clearly that is a problem for security professionals that should be doing something more productive than preparing for an audit. It pains me to think that we'll need to implement yet another point product to solve a problem, but it is what it is.
-snip-
Even though skeptical, I'll take that as an endorsement for GRC in 2008! Mike give us a shout if you would like a demo, discussion and even an introduction to talk to customers using it.
2007 was a great year of education on the value of IT GRC and we hope/expect 2008 to be where customer implementations of this security automation take off! The ROI and team efficiency gains are tremendous, it also reduces the headaches and frustrations security team members get when having to prepare for audits.
Oh yeah, here is part one of this blog title "2008 - The Year of IT Risk Management" just in case you missed it.
