Announcing The Forrester Wave: Governance, Risk, And Compliance Platforms, Q1 2014

Chris McClean

It’s once again time to tear open the GRC platform market and uncover all its amazing technical innovations, vendor successes, and impact on customer organizations. This afternoon, we published our latest iteration of the Forrester Wave: Governance, Risk, And Compliance Platforms.

My esteemed colleagues Renee Murphy and Nick Hayes joined me in a fully collaborative, marathon evaluation of 19 of the most relevant GRC platform vendors; we diligently pored through vendor briefings, online demos, customer reference surveys and interviews, access to our own demo environment of each vendor’s product, and as per Forrester policy, multiple rounds of fact checking and review. The sheer amount of data we collected is incredible.

No Longer Two Separate Waves

Many of you may remember that we published two Forrester Waves last time around: one for Enterprise GRC platforms and one for IT GRC platforms. As discussed in previous research, the lines between these distinct submarkets have been eroding for some time, and now it’s no longer worth separating the two.


Cold War Security: Four Phones, Two Doors, A Scrap Of Paper, And A Lighter

Renee Murphy

Outside of Tempe is a place called Sahuarita, Arizona. Sahuarita is home to Air Force Silo #571-7, where a Titan missile, part of the US missile defense system and carrying a nine-megaton warhead, stood at the ready for 25 years should the United States need to retaliate against a Soviet nuclear attack. This missile could create a fireball two miles wide, contaminate everything within 900 square miles, and hit its target in 35 minutes; nothing in the current US nuclear arsenal comes close to its power. What kept it secure for 25 years? You guessed it...four phones, two doors, a scrap of paper, and a lighter.

Photo Credit: Renee Murphy

Technology has grown by leaps and bounds since the Cold War. When these silos went into service, a crew supplied by the Air Force manned them. These men and women were responsible for ensuring the security and availability of the missile. Because there was no voice recognition, retinal scanning, biometric readers, or hard or soft tokens, the controls that were in place were almost entirely physical controls. All of the technology that we think of as keeping our data and data centers secure hadn’t been developed yet. It is important to note that there was never a breach. Ever.

It might be an occupational hazard, but I can relate almost anything to security and risk management, and my visit to the Titan Missile Museum at AF Silo #571-7 was no exception. The lesson I took from my visit: there's room for manual controls in security and risk management.


Implement A Successful GRC Program With Forrester's Governance, Risk, and Compliance Playbook

Chris McClean

I’m proud to announce that this week Forrester launched our Governance, Risk, and Compliance Playbook, a collection of in-depth reports covering the critical information you need to implement a successful GRC program… one that focuses on supporting business success, not getting in its way.

First, because risk and compliance are always such quickly moving targets, we included reports to help you plan for the future of GRC and build a business case for why it’s important to invest in your program now.

Next, to make sure your GRC plan is comprehensive and can achieve success, we offer guidance on creating a GRC strategy and making sense of the very complicated GRC technology landscape.


Avoid The Headlines, Focus On Corporate Culture

Chris McClean

Guest post from Researcher Nick Hayes.

Chris and I recently published a report describing how to build risk and compliance principles into your company’s corporate culture. As we worked to finalize, edit, and publish the report, a flurry of new corporate scandals emerged, all related to this topic.

Here are just a few of them:

  • Wal-Mart executives accused of trying to hush up bribery cases in Mexico.
  • A whistleblower accuses Infosys of engaging in a systematic practice of visa fraud.
  • A former Goldman Sachs employee writes an op-ed for the New York Times blasting the company’s ethics.
  • JP Morgan suffers a $2 billion trading loss due to “poorly monitored” trades.