In recent years, government and industry regulations have put pressure on organizations of every ilk and size to increase governance over their IT systems, and in particular over data security and privacy. These regulations include the Basel II Accord, the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act of 2002 (SOX), the Gramm-Leach-Bliley Act (GLBA) and California Senate Bill 1386, just to name a few. Non-compliance with an applicable regulation can lead to serious penalties for a business, regardless of its size. Even a small mom-and-pop retail store faces stiff fines if it's found to be non-compliant with the Payment Card Industry (PCI) data security guidelines.
Seeing an opportunity, many solution vendors have responded with applications designed to automate the complex process of discovering, monitoring and reporting on a company's governance, risk and compliance (GRC) posture. Most of these solutions have been aimed at medium-to-large enterprises that have extensive IT environments controlling complex business processes. Because of the overarching and pervasive nature of these GRC automation tools, their implementations and ongoing usage can be time-consuming and expensive. This has left smaller, resource-strapped companies out in the cold for GRC automation. Until now, that is.
In early June, eGestalt Technologies announced SecureGRC, a cloud-based integrated IT security and GRC solution. With subscription pricing starting as low as $1,400 per month, even small-to-midsize companies can afford to automate the process of aligning security management practices with organizational governance. SecureGRC scales to serve large enterprises as well.
At this writing, eGestalt's SaaS model is unique among GRC vendors. But eGestalt doesn't sell its subscriptions directly to customers; rather, the vendor works through managed service providers that implement the application and help the customer interpret the GRC gap reports. This is especially important for smaller companies that don't necessarily have GRC expertise in-house.
Akibia is an eGestalt channel partner. Akibia provides services to help companies manage their data center, network and security infrastructure. Akibia uses SecureGRC to offer its customers an Assured Compliance service, which provides visibility into multiple compliance requirements via a single, integrated framework.
Robert Klotz, Akibia's vice president of technology, says they chose eGestalt SecureGRC because of the product's functionality, ease of use and low cost. "SecureGRC's timely collection of data helps us demonstrate to our clients their current compliance profile and compliance issues in a manner that allows them to better understand what controls need to be implemented to assure compliance with their specific policy and regulatory requirements." Klotz adds that SecureGRC is a full-featured, cost-friendly solution that is adaptive, flexible and easy to use. He says it's a particularly good fit for the companies that Akibia serves.
Linda Musthaler is a principal analyst with Essential Solutions Corporation.