GRC just keeps ticking away. By far the biggest thing this week was the release of this year’s Gartner’s GRC Magic Quadrant, while Symantec finally kept good on its earlier promise and released Enterprise Vault 10. Android security was also under the microscope by Lockout, while Lockpath and Network Frontiers released a badly needed dictionary of compliance. We also looked at process and policy in e-Discovery.

Magic Quadrant Identifies GRC Market Trends

Earlier on in the week, we managed to get our hands on Gartner’s Magic Quadrant in the GRC space. A lot of reports and research come out every week in GRC, but this has to be the big one, in that it gives users an idea of where vendors stand in terms or products.

It also takes a look at the market, which this year Gartner says shifted from a tactical focus on regulatory compliance to a wider focus on enterprise risk management.

It also identified a number of specific trends, including the fact that many companies, in light of recent developments in areas such as finance, are looking for better corporate governance and compliance, with many of those looking to consolidate all their GRC functions onto one platform.

Companies are looking at this through the perspective of one standard, such as Sarbanes-Oxley (SOX) compliance, or across regulations applied to specific industries. Interested in more?

Symantec Releases Enterprise Vault 10

Symantec (news, site) kept good on its promise earlier in the year to release Enterprise Vault 10 this week, which comes with data loss prevention technology to analyze Microsoft Exchange email content and metadata to help determine the archiving and retention strategy for all messages. 

For social media-obsessed companies, it also comes with the ability to archive social media interactions for compliance and e-Discovery purposes.

The Data Classification Service feature of Enterprise Vault 10 uses Symantec’s data loss prevention technology to classify the email and assign an appropriate archiving and retention policy.

Classifications can also be used as filters to speed the search and review process for e-Discovery. Additionally, customers who have implemented Symantec Data Loss Prevention can share classification policies to simplify the automated classification of information. There’s far too much in this to give it justice here, so check it out at the Symantec website.

LockPath, Network Frontiers’ Compliance Dictionary

Here’s something that has been badly needed for a long time, but, given its subject matter, will needed to be updated regularly. Network Frontiers, which came up with the Unified Compliance Framework (UCF), and GRC vendor LockPath, have jointly released the first online Compliance Dictionary.

The Compliance Dictionary is the only lexicon of its kind, online or off, the companies say. The idea behind it is that, while there are many glossaries associated with specific compliance regulations, each uses its own definitions and terminology, which can add to the confusion, cost and wasted time associated with managing compliance.

Even small variances in language, including misspellings and typos, can make it difficult, and sometimes impossible, to properly configure the automated compliance tools many organizations now rely on. For example, what is the difference between an “active recovery site” and a “mirrored site”? Don’t know? Well, you can find out. The dictionary is accessible free here.

Androids Under Threat?

Meanwhile, Android security was also in the news this week with the new report from Lockout Mobile Security. According to its 2011 report, the rise in the use of smartphones is being accompanied by an increase in malware.

Both web-based and app-based threats are increasing in prevalence and sophistication. Android users are two and a half times as likely to encounter malware today than six months ago and three out of ten Android owners are likely to encounter a web-based threat on their device each year.

An estimated half million to one million people were affected by Android malware in the first half of 2011; Android apps infected with malware went from 80 apps in January to over 400 apps cumulative in June 2011. You can find a copy of the report here.

Policy, Process in GRC

Finally this week, we took a look at the maturing of the e-Discovery marketplace, and the role policy and process plays there as well.

With events occurring this year, such as the first Gartner e-Discovery Magic Quadrant and Symantec's acquisition of Clearwell Systems, it's obvious that the e-Discovery tools business has hit the big time.

No longer does it seem solely the purview of wizened gnomes in basements meticulously poring through scanned documents, but is now something that could be done swiftly and automatically by machines.

No less an authority than John Markoff of the New York Times wrote earlier this year about how "armies" of attorneys were being replaced by software, which was not only faster but more accurate. One organization used e-Discovery software to reanalyze work company lawyers did in the 1980s and ’90s and found they had been only 60% accurate. Interested in more