Market Report: GRC 2009
Beyond that we expect to see more complete GRC solutions which cover other aspects as well like the management of security events and incidents or availability and business continuity, to fully support the requirements on IT Governance.
Beyond that we as well expect advancements in the integration of enterprise-driven approaches, mainly for risk management (Enterprise Risk Management, ERM) and IT-driven approaches, e.g. IT Risk Management (IRM).
Today there are partial solutions with specific strengths in some of these functional areas. Over the course of the last 12 months, since the first release of this report, there have been significant improvements and several acquisitions. Through internal development and acquisitions we expect to see even more complete solutions in the 12 to 24 month timeframe. Given that the GRC market is growing well beyond average there is a good reasons for vendors to invest in that particular market segment.
We recommend to create a strategy for GRC with focus on short-term tactical investments, accepting the risk of choosing tools which will be replaced within 24 to 48 months, because the advantages are usually far beyond the costs imposed by such investments. Starting 18 to 30 months from now we expect the market to be mature enough for long-term strategic decisions.
|May 02, 2009||
Market Report: GRC 2009
GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. Kuppinger Cole observes an trend towards tools which integrate analysis, attestation, authorization management, risk management, Segregation of Duties controls, and role management…
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
Recently, I came across a rather new and interesting standardization initiative, driven by the NSA (U.S. National Security Agency) and several industry organizations, both Cyber Defense software vendors and system integrators. OpenC2 names itself “a forum to promote global development and [...]
Today, the Cyber Defence Center (CDC) or Security Operations Center (SOC) is at the heart of enterprise security management. It is used to monitor and analyze security alerts coming from the various systems across the enterprise and to take actions against detected threats. However, the rapidly growing number and sophistication of modern advanced cyber-attacks make running a SOC an increasingly challenging task even for the largest enterprises with their fat budgets for IT security. The overwhelming number of alerts puts a huge strain even on the best security experts, leaving just minutes [...]