Surveying the GRC landscape

* Governance, Risk and Compliance (GRC) Management

Governance, Risk and Compliance (GRC) Management is fast becoming the No. 1 topic of conversation in the enterprise identity field. Among the leaders in the space is San Jose’s Agiliance and I had the opportunity last week to chat with their new Vice President of Marketing, Patrick Kerans.

Governance, Risk and Compliance (GRC) Management is fast becoming the No. 1 topic of conversation in the enterprise identity field. Among the leaders in the space is San Jose’s Agiliance and I had the opportunity last week to chat with their new Vice President of Marketing, Patrick Kerans. 

<aside> Thanks to Liz Safran for bringing us together. I once called Liz the “punctuality-challenged, but always helpful PR princess,” but she was right on time with this one. And she’s a Red Sox fan. And she’s single, guys. </aside>

Kerans came to Agiliance from Counterpane Internet Security (now BT Counterpane), Bruce Schneier’s well-respected managed security company. He’s no stranger to the world of securing digital assets. And that’s generally how you can describe the GRC space – managing the organization’s digital assets in such a way that business gets done, regulations are complied with, and nothing that should be kept private is revealed.

Kerans was on the phone to let me know about the upcoming release of Agiliance IT-GRC 3.0. Well, “upcoming” at the time, but shipping now. He differentiated Agiliance’s offering from it’s competitors by talking about the new Enterprise Risk Management (ERM) module that enables organizations to model risk scenarios that encompass operational risks as well as traditional financial risks. 

In words only a Marketing VP could utter, he said: “By pulling opinions from multiple stakeholders via Web-based surveys and workshops, across multiple divisions and geographies, and integrated with automated IT risk data from underlying infrastructure, Agiliance IT-GRC 3.0 provides the holistic view and feature set required to implement effective Enterprise Risk Management programs.” That is, the service doesn’t rely on pre-packed data, or “sniffed and analyzed” packets but also actually involves the people who know the organization best to help design the GRC model that, in the end, is implemented.

It’s an interesting approach that requires the involvement of the business side of your organization. It might not be right for everyone, but if it is a good fit for you, then it will be a very good fit.

There’s a whole lot more to the product, of course, much more than we can review here so you’ll have to do that on your own. But it won’t be time wasted.

Free downloads, as noted :

* “Surviving an Identity Audit” a white paper by NetVision’s Matt Flynn“Federation Server vs. Open Source Toolkit” a White paper from Ping Identity“A Guide to Active Directory Replication” Author & teacher Laura E. Hunter’s step by step approach

*

*

Editor's note: Starting Monday, Nov, 12, this newsletter will be renamed "Security: Identity Management Alert." Subscribers to the HTML version of this newsletter will notice some enhancements that will provide you with access to more resources relevant to identity management. You will still receive Dave Kearns' analysis of this market, which you will be able to read in its entirety online at NetworkWorld.com, along with links to relevant news headlines of the day. We hope you enjoy the enhancements and we thank you for reading Network World newsletters.

Learn more about this topic

 
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.