Senior Editor Denise Dubie guides you through the latest developments in management tools and services.
Managing enterprise risk requires IT executives to perpetually perform a juggling act of sorts.
IT executives must provide technologies and services to enable the business to thrive and grow, but at the same time they need to maintain tight controls on resources, access rights and the environment to prevent the risk of technology to the business from outweighing the reward.
"Organizations have always had to manage risk. Business survival requires an organization to successfully manage risk," reads a Forrester Report released last week entitled "Demystifying Enterprise Risk Management." "The challenge is that there are multiple definitions, approaches to and reporting of risk that are managed in silos across the organization. Risk managers must understand the varying views of risk across the organization and decide on a common framework of risk that the entire organization can work within."
That means IT is charged with making certain individuals are equipped to do their jobs without putting the company or its intellectual property in harm's way. For instance, risk management includes ensuring unauthorized individuals are not accessing certain data or working on systems not within their privileges, but it reaches much further than that.
According to Forrester Research, companies must first define risk and apply the comprehensive definition of risk across the entire organization. The research firm narrows it down to: "Risk is the effect of uncertainty on organizational objectives" and "Risk management is the coordinated activities to direct and control an organization to realize the opportunities while mitigating the negative consequences of events." Today several vendors are working to help customers ease the burden of first identifying and then managing risk with technologies falling into the broad governance, risk and compliance (GRC) market.
For instance, IBM earlier this year detailed its plans to address customer pain points around GRC and Symantec followed suit by offering IT-risk assessment services this past summer. And start-ups are emerging to tackle this problem as well. Newcomer Securityworks this week launched itself as a enterprise risk management software provider, after offering services in that market for the past few years.
Denise Dubie is senior editor with Network World.
Partner Content
NetScout and analyst Jim Metzler have teamed to deliver a series of IT Briefs on Network and Application Performance Management leveraging research from NetScout's nGenius & Sniffer users.
www.netscout.com
Metzler on Service Delivery Management
Delivering IT business value by evolving our thinking from managing application performance to focusing on services.
Learn More
2009 Handbook of Application Delivery
Successful IT organizations must know how to make the right application delivery decisions in these tough economic times.
Download the Handbook
Metzler on the Modern IP Network
Discusses the growing emphasis on network management and the need to implement a holistic view of the end-to-end experience of the user.
Read the Brief