GRC: Going beyond IAM
GRC (Governance, Risk Management, Compliance) has become a major business driver for IT. That isn't surprising. Beyond the legal requirements of becoming compliant with specific regulations like SOX, Euro-SOX, Basel II or the German BDSG (Data Privacy Law), to name just a few, Governance is the overall guideline for managing any organization. Compliance and Risk Management - defining, measuring, and handling the risks - are the two major aspects of Governance. IT, on the one hand, provides the tools for efficiently achieving the targets of GRC initiatives. On the other hand, IT is itself a target for GRC initiatives because there are specific IT risks and compliance requirements. IT Governance is thus a major part of the overall Enterprise Governance.
Over the last few years, we've seen a fast-growing number of tools that claim to support GRC or even to solve the issues organizations are facing in GRC. Some entirely new market segments, like Identity Risk Management, have evolved.
Interestingly, though not surprisingly, many of the tools in the GRC market deal with digital IDs. Business Role Management, that is, assigning roles to users and, in the end, granting access rights to roles, is one area covered by such tools. SoDs (Segregation of Duties), attestation of access rights, and the entire auditing space are others. Some specific GRC implementations even support the provisioning and de-provisioning of accounts in connected systems.
Simply put, you can't address the GRC requirements successfully without strong IAM backing. But GRC goes well beyond IAM, being a much more business-focused layer on top of the three main pillars of IT infrastructure, namely IAM, BSM, and SOA (as the commonly used synonym for the application infrastructure).
GRC is one of our most important research areas. This includes not only the specific applications for GRC, Identity Risk Management, or Business Role Management and SoDs, but also covers the GRC-relevant aspects of Enterprise Content Management and industry-specific GRC solutions.