Market Report: GRC 2009
Beyond that we expect to see more complete GRC solutions which cover other aspects as well like the management of security events and incidents or availability and business continuity, to fully support the requirements on IT Governance.
Beyond that we as well expect advancements in the integration of enterprise-driven approaches, mainly for risk management (Enterprise Risk Management, ERM) and IT-driven approaches, e.g. IT Risk Management (IRM).
Today there are partial solutions with specific strengths in some of these functional areas. Over the course of the last 12 months, since the first release of this report, there have been significant improvements and several acquisitions. Through internal development and acquisitions we expect to see even more complete solutions in the 12 to 24 month timeframe. Given that the GRC market is growing well beyond average there is a good reasons for vendors to invest in that particular market segment.
We recommend to create a strategy for GRC with focus on short-term tactical investments, accepting the risk of choosing tools which will be replaced within 24 to 48 months, because the advantages are usually far beyond the costs imposed by such investments. Starting 18 to 30 months from now we expect the market to be mature enough for long-term strategic decisions.
|May 02, 2009||
Market Report: GRC 2009
GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. Kuppinger Cole observes an trend towards tools which integrate analysis, attestation, authorization management, risk management, Segregation of Duties controls, and role management…
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
Today, companies are increasingly operating on the basis of IT systems and are thus dependant on them. Cyber risks must therefore be understood as business risks. The detection and prevention of cyber security threats and appropriate responses to them are among the most important activities to [...]
The EU GDPR (General Data Protection Regulation), becoming effective May 25, 2018, will have a global impact not only on data privacy, but on the interaction between businesses and their customers and consumers. Organizations must not restrict their GDPR initiatives to technical changes in consent management or PII protection, but need to review how they onboard customers and consumers and how to convince these of giving consent, but also review the amount and purposes of PII they collect. The impact of GDPR on businesses will be far bigger than most currently expect. [...]