This week in the GRC space, HP continues its cloud charge, SOA offers governance for .NET web services, Perimeter offers email compliance across Office 365, Norman Marks from SAP talked to us about GRC for life and Avior upgrades its GRC suite.

HP Expands Enterprise Security Solutions

Fresh from announcing that it is getting out of the hardware market, HP continues its headlong charge into cloud computing this week with the announcement that it is expanding its Enterprise Security Solutions portfolio.

The objective here is to help enterprises establish and execute a comprehensive security strategy that addresses threats and potential liabilities resulting from the rise of mobility, cloud computing and social media.

By combining the capabilities of bought with ArcSight, Fortify and TippingPoint, HP offers the HP Security Intelligence and Risk Management platform, which comes with advanced correlation, application protection and network defense technology to protect applications and IT infrastructures from cyber threats.

The idea behind the offerings is to provide security solutions that cover an enterprise's security needs rather than selling single solutions for a single problem. This new approach allows HP to provide customers with information about new threats while working within existing infrastructures.

SOA Offers Web Services Governance

Meanwhile, cloud governance vendor SOA has announced the new release of Service Manager, providing unified SOA governance automation for Microsoft's Enterprise SOA platform.

The new products manage Web services on Windows Communication Foundation (WCF), BizTalk Server, and ASP.NET, offer greater automation of deployment, expanded autodiscovery of Web services and improved governance of Web services across a heterogeneous SOA environment.

SOA Software's Service Manager makes services exposed from applications running on WCF, BizTalk Server, ASP.NET and Azure visible to and compliant with enterprise policies defined, enforced and audited across other platforms.

Services from IBM, Oracle, Red Hat, SAP and others become visible to and compliant with enterprise policies defined and enforced across WCF, BizTalk, ASP.NET and Azure applications.

Unified governance automation from SOA Software spans the enterprise service lifecycle at the architecture planning stage. Repository Manager provides governance and policy definition for the development stage of the lifecycle, while Service Manager and Policy Manager provide monitoring, management and policy enforcement at runtime.

Perimeter Offers Office Compliance

Perimeter E-Security has launched its Compliance and Continuity Suite for Microsoft Office 365 with enhanced continuity and e-Discovery capabilities for securely capturing and storing all incoming and outgoing messages.

With Perimeter E-Security's Compliance and Continuity Suite for Office 365, organizations can archive every email message, preserve uptime and increase the accuracy of internal and external compliance reviews. Using Perimeter's automated compliance workflow system, Office 365 customers can reduce risk and allow administrators to identify potential compliance violations before they occur.

Perimeter's Compliance and Continuity Suite for Office 365 builds on the same technology that powers the Company's SaaS Secure Messaging Suite 6.0.

Released in July 2011, Secure Messaging 6.0 is a secure cloud messaging solution with support for Microsoft Exchange 2010.

GRC is for Life

This week in CMSWire, Norman Marks, GRC VP at SAP BusinessObjects, explained why GRC is not just a quarterly affair, but something that needs to be considered every day.

The only way risk management has value is if it affects the way you do business, he says. It must influence decisions and actions; otherwise, it is no more than decoration. Risk management should not be a “check-the-box” activity. Used well, it can help an organization achieve and sustain optimal long-term performance.

To be effective in managing risks, an organization needs not only to understand and assess its risks, but it needs to have a culture that embraces the active consideration of risk. 

Avior Upgrades GRC Offering

Also this week, GRC vendor Avior has announced the availability of a new version of Avior BenchMark, the company's flagship compliance automation solution.

The upgrade eliminates the restrictions in the forms-based approach used in earlier versions, lays the architectural foundation for easier customization and efficient addition of new features and allows the system to gather data from external applications via an automated data interchange.

Its user-based approach enables dynamic roles and greater flexibility in workflows, along with customizable system password rules to enhanced security.

Access control has been improved to ensure security of the system and support the expanded user roles. It also offers new dynamic roles and associated workflows for requesters, responders, departments and vendors/affiliates.

It also supports a new report library organization, which supports a larger number of assessments assigned to various projects.