emc_logo_2009.gif
 Last January, EMC (news, site) bought GRC vendor Archer. This January, EMC outlined how it viewed GRC in the coming years and how Archer would fit into that. The result is the RSA Archer eGRC Management Platform, which provides a basis of EMC’s newly formulated GRC strategy.

That is not to say EMC hasn't been doing a lot of thinking about governance, risk management and compliance, because it has, especially across its security software wing RSA (news, site).

Speaking to CMSWire before the launch, Alex Bender, director of GRC programs and strategies,  explained that while EMC is releasing the next generation of Archer eGRC Management Platform -- which will be updated periodically over the coming year -- the platform is also part of a wider strategy that will see developments across four areas, as well as new advisory services.

EMC and Archer

This current news began last year with the Archer acquisition, after which it was added to RSA. This added policy management, as well as risk and compliance software, to the traditional security management software already at RSA.

With GRC being one of the areas in information management expected to grow due to increased regulatory demands, vendors need to consider how they will offer it to businesses. EMC has chosen the acquisition route, picking up a company already well versed in the ins and outs of GRC, to fulfill their needs.

Archer had a number of out-of-the-box solutions for policy, risk, compliance, enterprise, incident, vendor, threat, business continuity and audit management, all built on the SmartSuite. With this acquisition, so does RSA.

EMC’s GRC Strategy

So what is the new strategy? The first thing it aims to do is make GRC in enterprises more agile. You remember agile -- a way of not just managing information, but also of managing it to be able to respond to rapid changes taking place in the market.

EMC_eGRC platform.jpg

EMC's Archer eGRC Management Platform

Supported by a new set of EMC advisory services that balance business risk and responsiveness, EMC’s eGRC strategy includes an open platform, technology solutions, an active user community and partners. This is intended to provide a holistic view of an organization’s risk and compliance profile.

This open platform will take all of EMCs’s GRC offerings and unify them, Bender said. This means an enterprise can adapt components to its needs, as well as build applications that can be integrated with existing systems without having to alter code.

Development Areas

EMC will be building around four business areas over the coming months (and, presumably, years). Based around the common management platform and its GRC content library, the areas are:

  • Business Solutions: eGRC Business Solutions to help enterprises create an integrated program across enterprise departments, including IT, finance, operations and legal.
  • Information Governance: A group of modular information management software packages that offer enterprises content visibility and manage information-based risk.
  • Business Continuity & Disaster Recovery: Centralized disaster recovery planning built around EMC’s Enterprise Business Continuity software.
  • Advanced Security Management: A collection of solutions and services that combines the RSA Archer eGRC Platform with technologies covering security information, event management, data loss prevention and  fraud awareness.

The solutions are intended to help an enterprise break down silos and provide one view of its information, as well as the risk to it and compliance issues.

GRC Services

The final part of the strategy is EMC's extension of its services toward building and implementing GRC programs.

Expanded eGRC Advisory Services include:

  • GRC Strategy, Maturity Assessment and Roadmap services
  • GRC program implementation services using the RSA Archer eGRC platform

Behind this will be the Archer eGRC Community of more than 5,000 GRC professionals who can suggest product enhancements, as well as identify trends that could help guide the RSA Archer product roadmap. Interesting times ahead in this critical space, so watch out for a lot more from EMC in this regard.