Much is said and written about governance, risk management and compliance (GRC), but we're still nowhere near the level of GRC automation that we should be at.
As GRC products and technologies consolidate, they will become more tightly coupled with an assortment of applications, systems and security management tools. The end result should be the ability to execute a policy in a GRC system and have it automatically distributed to and acted on by management tools.
We should also be able to start generating "heat maps" that show not only where policies are being violated at any given moment, but also which areas are most susceptible to being attacked. It will become a lot easier to detect anomalies that could signal all kinds of potential illicit activity.
This is part of what Alex Bender, vice president of marketing for Archer Technologies, expects to see now that EMC is moving to acquire the company. When his company becomes part of EMC's RSA unit, Bender sees the ability to leverage RSA security frameworks and EMC data management software as key components of next-generation automated GRC deployments.
That might take a while, but given the current state of the GRC art, we're a long way from delivering on the real potential of GRC. In the meantime, we hear all too often about malfeasance that could have been prevented with a better GRC system.