In the GRC space this week, the big news has to be that Google is offering cheap e-Discovery with its Google Apps. However, there are more nuggets in Lockpath’s survey of risk, while a number of GRC acquisitions this week are worth noting.

Google Enters e-Discovery Space

Google is entering the e-Discovery space. In a blog post from last week by Jack Halprin, Head of eDiscovery at Google, we got a look at what Google is offering

The new app, called Google Apps Vault (to be known in future as Vault), is an easy-to-use and cost-effective solution for managing information critical to businesses and preserving important data.

We all know the value of e-Discovery, so let’s leave that aside. According to Halprin, Vault provides access to all of your Gmail and on-the-record chats

It also offers Google Apps customers the extended management and information governance capabilities to proactively archive, retain and preserve Gmail and on-the-record chats.

On top of that, for management, IT, legal and compliance users, Vault comes with a service designed for security and providing auditable access to critical information.

Vault is built on the same web-based architecture as Google Apps and can be deployed quickly. Google Apps Vault can be added to Google Apps accounts for an additional $5 per user per month. If you’re interested in more check out the introduction video.

Lockpath’s Survey of Risk

Also this week, new research shows that despite facing moderate-to-high risk levels, a quarter of compliance and risk professionals have yet to put a product in place to manage these risks.

According to Lockpath, which carried out a survey of over 175 compliance and risk practitioners from across the United States, there is a disconnect between the major compliance challenges for organizations and their ability to manage them.

Of the risk and compliance practitioners surveyed, 83.6% consider their organization’s risk level to be moderate-to-high.

Additionally, 78% say there has been an increase in the regulations they have been forced to comply with over the past year. Not surprisingly, remaining current on federal and state laws is a top priority for organizations in 2012. In spite of the need to stay on top of compliance, 26% of respondent have no tools or procedures in place at all. Of the remaining 75%, 32% use homegrown solutions.

It also found that the larger the organization, the higher its perceived risk level appears to be. Only 6.5% sized businesses consider their risk level to be high, compared to 15.9% of mid-range companies and 25.6% of enterprises.

Interestingly, mid-range companies (81.3%) are slightly more likely than either SMBs (65.4%) or enterprises (71.4%) to have a risk and compliance process already in place.

When asked about their top IT priorities for 2012, respondents viewed minimizing data breaches and litigation as most critical.

GRC Acquisitions

There was quite a lot of buying and selling in the GRC space this week. Some of the notable events include:

TIBCO Buys LogLogic

Infrastructure vendor TIBCO has announced that it is buying LogLogic, which offers scalable log and security management platforms specifically designed for the enterprise and cloud. The acquisition will expand TIBCO's operational intelligence offerings while providing customers the ability to proactively monitor real-time events and assess risks.

ICG Buys MSDSonline

The ICG Group has announced that it has bought MSDSonlin. Based in Chicago, MSDSonline offers a suite of cost-effective, cloud-based solutions that help environmental, health and safety (to efficiently manage and reduce potential workplace and environmental hazards as part of their overall social responsibility and compliance programs.

Serving an estimated US$ 650 million market, most of which is still paper-based, the MSDSonline solution integrates a robust suite of capabilities that automates material safety data sheet (MSDS) management on one platform. ICG paid approximately US$ 48 million for a 96% primary ownership stake, with MSDSonline management owning the residual.

ICG's Government and Compliance Group, which includes GovDelivery and MSDSonline, is made up of technology companies that serve the government or automate adherence to government compliance regulations.

PwC State of the Internal Audit Profession

Finally, if you missed it this week, Norman Marks took a look at PwC’s 2012 State of the Internal Audit Profession and shows that many feel their business faces more risks than ever before and the consequences become apparent more quickly.

Marks points out that, rather than pointing out that internal audit teams need to assess and help improve risk management programs, PwC has focused on telling internal auditors to improve their understanding of the “organization’s risk landscape."