Getting Our GRC Act Together

Michael Vizard
Slide Show

Five Tips for Easier Data Governance

Five steps you can take to ease the trauma of starting data governance.

In many ways, the technical corollary to governance, risk management and compliance (GRC) is the management of data, systems and security. Unfortunately for most GRC initiatives, IT organizations have a long history of managing data, storage and security in isolation.

At the RSA Conference 2012, EMC is trying to change that with the launch of five new services that combine systems, security and data management to help organizations more effectively manage GRC. Those services include a Trusted Cloud Advisory Service; an Information Governance Advisory Service; a Governance, Risk, and Compliance Advisory Service; a Fraud and Identity Management Advisory Service; and a Mobile Device Security Advisory Service.

According to Mat Allen, senior director for the security and risk management global practice at EMC Consulting, now that risk has become a boardroom issue that gets routinely addressed in any filing for investors, companies are casting about for ways to more effectively manage a GRC process that is frequently disjointed. After acquiring security, systems and data management technologies, EMC is now in a position to deliver a holistic set of GRC services that use its core expertise in storage.

Allen says that GRC is all about managing data as a corporate asset. As more companies become conscious of the true value of their data, more energy and focus is being put on how to secure those assets.

While there's no shortage of consulting services in the GRC space, Allen says that as the technology gets more complicated to manage, the need for IT organizations to rely on consulting service providers that are close to the technology is increasing. The problem, of course, is that, in most companies, no single individual is responsible for GRC, which means before anybody can decide to take a holistic approach to the problem, some practical method for actually implementing and integrating GRC technologies needs to be developed. In many cases, that may not require coming up with the methodology, but rather reusing ones that already exist.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.