GRC Convergence Cometh

Michael Vizard

One of the problems with the whole concept of governance, risk management and compliance (GRC) is that it encompasses so much territory. As such, the entire GRC sector is ripe for consolidation, as evidenced by EMC's decision this week to acquire Archer Technologies.

The whole GRC sector has been steadily moving toward the concept of suites, as evidenced by offerings from OpenPages and CA. But those suites are really only a precursor to a much larger consolidation. The question is, what will the GRC market look like after that consolidation?

The folks at OpenPages, which helped pioneer much of the GRC concept, expect that EMC's move to acquire Archer will serve as a wake-up call to the rest of the industry. Companies such as Hewlett-Packard, Symantec, IBM and others are all expected to get much more focused on GRC in 2010.

According to OpenPages vice president of marketing Gordon Burnes, the GRC market should shape up much like the systems management market, where there are lots of specific tools, but only a few comprehensive frameworks. In the end, OpenPages expects to be seen as a GRC information framework under which a variety of GRC tools, including offerings from Archer Technologies, fit.

Of course, every vendor in the GRC space has ambitions to be the top dog. But right now, it's almost anybody's game. The good news is that with more acquisitions, more focus will be put on an area that needs a lot more development in terms of becoming a mature IT sector.

Add Comment      Leave a comment on this blog post
Jan 28, 2010 1:10 AM Raef Meeuwisse Raef Meeuwisse  says:

A good article.

As a GRC vendor ourselves, there are 3 primary challenges:

1) The number of definitions being applied to integrated or comprehensive governance, risk management and compliance.  (Like an ink-blot test, often the description is transformed to match the product.)

2) The fact a lot of vendors don't appear to actually have an operational product, capable of showing an enterprise-wide, fully unified and comprehensive grc solution in action now.  (Why not post a demo online like us?) - They often seem to sell "build-your-own" concept consultancy

3) Much re-inventing of the wheel - instead of consolidating proven grc know-how and techniques.

The term "GRC" does cover alot of territory - but when run effectively it also creates enormous improvements in reducing the number of systems, increasing operational efficiencies and creating phenomenal compliance transparency.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.