GRC Roll-up: GRC is Good for Application Upgrades, is Iron Mountain Selling Off Its Digital Business?

By David Roe (@druadh20) Apr 20, 2011

While there hasn’t been a lot in terms of new releases this week, the ongoing problems in Iron Mountain are again in the spotlight, while research from both the not-for-profit ISACA, as well as SaaS GRC vendor Compliance 360, shows that compliance will be the major concern for enterprises in the coming 12 months. GRC was also mentioned at last week’s Oracle Collaborate conference.

Will Iron Mountain Sell Digital Business?

Last week, we reported that Iron Mountain (news, site) was going through some difficulties and that it was pulling out of the public cloud storage market. At the top of the company, there has been considerable turmoil with one of its major investors, the Elliot hedge fund, pushing for a change in the direction the company is taking.

This week, it seems there has been some kind of uneasy compromise aimed at calming troubled waters that makes concessions to shareholders, as well as some changes at board level.

However, from an information management perspective, it looks like there could be more changes on the way, with the possibility that Iron Mountain will sell its digital business entirely.

According to a statement issued by the company, Iron Mountain is now “…exploring strategic alternatives for its digital business, including a potential sale of the company’s digital archiving, e-Discovery and online backup and recovery solutions.”

Explaining the possible move, CEO Richard Reese, who only last week took over the position from Bob Brennan after moving from that position in 2008, said it was considering the sale as “…our digital business has faced a number of challenges from a rapidly changing environment…"

A strategic review of the business has been ongoing since last fall, the result of which is the conclusion that the company could not continue investing in technology investments and meet its return requirements.

He also said that it intended to meet “…customers’ digital information management challenges through partnerships.”

The company also noted that there is no assurance that “the exploration of strategic alternatives” for the digital business will result in any transaction.

Unfortunately, in this respect the statement doesn’t add much more and specifically rules out any further indications as to where it is going with this until a decision has been made. Whether this is the result of an internal problem, or a wider problem in a difficult market is not clear, but we should know in the coming months.

How Difficult are Application Upgrades?

GRC was also one of the topics that came up at Oracle’s Collaborate conference last week in relation to application upgrades and the best way to do them.

According to a survey carried out for the Oracle Applications Users Group, GRC management best practices are the most effective tools for mitigating the risks involved in upgrades.

An unspecified majority said that, by using formal GRC methodologies, they could streamline upgrades and minimize the risks, with 56% saying managing operational risk and business process control was a “critical key fact” in their decision to upgrade. Even so, 40% of those who responded said too much staff time is used managing compliance and risk issues. Interested in more?