It will come as little surprise to most of you that the overall GRC market is still saturated with relatively small vendors, many of which continue to struggle to maintain their market niches. At the same time, a handful of market leaders (notably BWise, IBM/OpenPages, MetricStream, RSA/Archer, and Thomson Reuters/Paisley) continue to distance themselves from the rest of the pack, while several large competitors (including Oracle, SAP, SAS, Software AG, and Wolters Kluwer) put more and more pressure on the market all the time.
It's been interesting to watch these vendors that competed head-to-head regularly for SOX compliance deals now drifting further apart . . . some focusing more on risk management and analytics, some strengthening their compliance and content offerings, some building deeper integration with IT systems, and others building bridges into audit departments. The current environment of increased government oversight and regulation — and in some cases, reform of whole industries — worldwide promises to bring a strong resurgence to the GRC platform market overall, which means increased competition both from veteran vendors and newcomers alike.
I am very excited to introduce a new report — hot off the press — “Securing An Empowered Enterprise." If you haven’t read “Empowered," I highly recommend that you go here for a summary of this fantastic book by Josh Bernoff and Ted Schadler.
CISOs across the country are telling us that their jobs are becoming increasingly more difficult (as their power to veto is becoming increasingly diminished) when faced with the business’ needs to support consumer technologies, such as social, video, mobile, and cloud. This is the groundswell movement depicted in Bernoff and Schadler’s “Empowered." Bernoff and Schadler described that businesses are empowering their employees with these new technologies to optimize operations or better serve customers. In this era of empowerment, corporate data are going into the cloud. Mobile devices are edging out traditional PCs; social technologies are enabling ad hoc collaborations anytime, from anywhere. As a result, the enterprise risk landscape has changed and will change further.
My report, “Securing An Empowered Enterprise," co-authored with Ted Schadler, takes a look at the consumerization phenomenon from the eyes of an IT security professional. We interviewed many security and business folks; two things stood out from all the interviews:
Empowerment is a challenge worth tackling. The empowered movement is an important source of innovation for the organization. At the same time, this represents an opportunity to reinvent the role of IT security from a back-office function to a crucial business function — the fulcrum for innovation.