Archive for the ‘Announcements’ Category

Agiliance recognized as top GRC vendor by Gartner two years running

Pravin Kothari

This is that time of the year when all the IT GRC vendors hold their breath to see how they are ranked in the Gartner IT GRCM MarketScope.  I’m happy to say that for the second year in a row, Agiliance RiskVision has received the highest possible rating of “Strong Positive”.  Not only have we retained the highest ranking from last year, we scored at the top for all three core IT GRC capabilities.  As a result, we have further separated from other vendors in terms of having the most capable IT GRC solutions.  Here are the actual scores:

  • Controls and Policy Mapping: 5.0 out of 5.0, highest of all vendors
  • Automated General Computer Controls Collection: 5.0 out of 5.0, highest of all vendors
  • IT Compliance Dashboard: 4.5 out of 5.0, highest of all vendors

This also gives us the highest score of 4.8 out of 5.0 for the Automated Technology Control Assessment use case.  This is a very important accolade because the true value of an IT GRC solution lies in the automation.  The GRC market is quickly maturing to focus on the Risk component.  Risk is dynamic and inherently real time, especially when it comes to IT and security risks.  As business processes continue to be automated and data becomes electronic, every single risk in the enterprise will be correlated to IT and security risks.  Thus, it is impossible to manage enterprise risk unless you can manage risk in real time, and managing risk in real time requires end-to-end automation.  Of all the IT GRC technology components, automated technology control and risk assessment are by far the most difficult to build.  This type of automation requires highly scalable engines to perform real-time data correlation and calculation across large data sets.  I would like to give kudos to my Agiliance engineering team for achieving the highest score on the toughest portion of the evaluation criteria.

Two major changes are noteworthy in this year’s MarketScope.  The first is the inclusion of some EGRC vendors and the addition of Financial and Operations GRC Support as the fourth Critical Capability.  This change is somewhat controversial, because it is based on the hypothesis that the traditional EGRC and IT GRC markets as we know them today will converge into one.  While there are signs of that buying pattern, we also see a very strong trend that indicates possible convergence of IT GRC with security and configuration management products.  The two different trends are driven by two different buying centers.  The CFO and internal audit are the buying centers for EGRC solutions.  They are now asking for more in-depth and timely data from IT, thus driving the EGRC solutions to include better IT GRC capabilities.  However, the CFO and internal audit do not look for the very granular and real-time data that the CIO and CSO need, so for the CFO buying center, some limited extension of EGRC solutions may be all that is required.  There may be more IT data, but the data is still static and high level.  The CIO and CSO, on the other hand, are the buying centers for security and configuration management and now IT GRC solutions.  The CIO and CSO look for real-time risk management and situational awareness with continuous connectivity to the IT infrastructure.  The CIO and CSO need GRC solutions that can support IT operational requirements.  A pure survey- and workflow-based solution may be useful to check the box for compliance needs, but it is of no practical use as an IT operations tool.  So how important are EGRC requirements when you are looking for an IT GRC solution?  It depends on what your function is and what you are looking to achieve with the solution.

The second change in this year’s MarketScope is that Gartner has done away with the Out-of-the-Box vs. Rapid Development Platform differentiation.  The new differentiation is Top-Down vs. Bottom-Up.  This new differentiation is a good way to capture the difference between the EGRC vendors and the IT GRC vendors.  It is a shorthand to summarize the different buying centers’ needs we discussed above.  The CFO and audit approach is top-down with little detail from IT and security.  The top-down approach provides a nice enterprise-wide picture quickly, but lacks details and is not capable of reflecting the real-time nature of risk.  Bottom-up provides the real-time visibility and ability to react, but can be more narrowly focused on just IT risks.  Most organizations will need a combination of both Top-Down and Bottom-Up approaches to be effective.  Today no one solution can meet the needs of both buying centers, and it is likely that no one solution ever will.  The best approach for most organizations is still to buy the best-of-breed solution based on requirements and roadmap.  The CIOs and CISOs we talk to are looking for a strong automation GRC platform that can integrate with their existing IT and security management tools to provide real-time visibility and operations support.  They also want the tool to have very good Top-Down capabilities to support process-centric use cases.  This was my goal when I founded Agiliance years ago, and it’s gratifying to have Gartner validate that our solution and approach are a great fit for our target market of CIOs and CSOs.

BMC Viewpoint’s Special Issue on IT GRC

Pravin Kothari

BMC’s Viewpoint magazine’s latest issue is all about IT GRC.  It has some interesting articles from contributors inside and outside of BMC.  I wrote an article titled “The Big Picture: Beyond Compliance to Risk Management”.  You can check it out by requesting a free copy from BMC here: BMC Viewpoint

Agiliance’s New Privacy Manager Product

Pravin Kothari

I usually don’t write about Agiliance business and products in this blog.  I’ll make an exception today since we launched a brand new product last week.  On Wednesday we added Privacy Manager to our suite of 7 GRC applications.  You can read about it in our press release as well as the product page.  Network World also did a very nice article on the challenges and best practices for privacy management and our new product.  This is an exciting new product for us.  Privacy protection is a serious issue and impacts all of us in very real ways.  We as citizens, consumers, and patients need all organizations that hold our personal data to take privacy protection seriously and invest in proper privacy protection programs.  I believe we are the very first vendor to offer a unified privacy management solution on the market.  This new Privacy Manager product continues Agiliance’s track record of innovation.

Here at Agiliance we are fortunate to have many great partners and customers that work closely with us on our products.  Privacy Manager is no exception.  I would like to thank the following organizations and individuals for providing us guidance during the development of this new product:

- Mike Gurski and his team at Bell Canada’s Privacy Center of Excellence

- Kristen Knight, Director of Privacy Compliance at Philips Medical

Welcome to our new blog

Pravin Kothari

Welcome to our blog!  I’m Pravin Kothari, Founder and CTO of Agiliance, and previously cofounder & VP Engineering of ArcSight.  I have been working with security, risk and compliance technologies for the last 10+ years and have pioneered many of the innovations with these technologies.

If you’re reading this blog, you’re probably interested in the subject of GRC, Governance, Risk and Compliance.  This is a different kind of GRC blog.  Our focus here is not to debate or interpret the regulations and mandates.  We’re not here to discuss high-level and business challenges in managing a GRC program.  There is plenty of quality coverage on those topics already.  Also, this is certainly not a vendor pitch.  We are here to discuss all things technology as related to GRC, a topic that is rarely discussed but is really important, such as the technology challenges, approaches, and practices around the broad set of technologies that can be leveraged to make GRC processes more reliable and efficient and to improve governance.  Given the rapid increase in regulatory requirements, especially around technology, such as the new HITECH Act for privacy protection, new enforcement around NERC and HIPAA, industry mandates such as PCI, and also the increased pressure for data protection, today’s enterprises are under tremendous pressure to manage the technology side of their GRC processes better.  Technology brings a new set of challenges to GRC programs, but it also plays a key role in improving efficiency and data protection.  As with any other type of technology, there are more than a few options out there, each has strengths and weaknesses, and not every technology is suitable for every problem.  We will attempt to discuss some of these different options.  Given the nature of GRC, system integration and data integration are a big part of any technology discussion, so we’ll be talking about that as well.

If you are involved in any GRC program or initiative, whether as an enterprise employee or as a consultant, whether as a technologist or someone who is interested in the technologies, we invite you to join the discussion.  We welcome your comments and perspective.  Let’s collaborate and make each other more informed.