Agiliance, a provider of a platform for managing governance, risk management and compliance (GRC), plans to integrate a managed service from Qualys with its RiskVision 5.0 platform that automates the discovery of security vulnerabilities.
According to Agiliance CEO Joe Fantuzzi, the ability to integrate a security vulnerability service with a GRC platform will create a closed-loop system for dealing with remediation. One of the major differentiators of the Agiliance platform is that it ranks vulnerabilities relative to their risk to the business, said Fantuzzi.
The challenge that most IT organizations have is that while they can discover vulnerabilities, they have no idea which vulnerabilities should be a priority to fix given their relative threat level to the business. In most cases, IT organizations will be able to fix a vulnerability via the Agiliance remediation engine.
Some level of convergence between GRC and security is inevitable given that many governance issues stem from security issues that have been left unaddressed. Fantuzzi says that as GRC and security evolve, it will become more apparent that IT organizations will try to better manage their security risks and budgets by applying more governance to the overall process.