Agiliance recognized as top GRC vendor by Gartner two years running
This is that time of the year when all the IT GRC vendors hold their breath to see how they are ranked in the Gartner IT GRCM MarketScope. I’m happy to say that for the second year in a row, Agiliance RiskVision has received the highest possible rating of “Strong Positive”. Not only have we retained the highest ranking from last year, we scored at the top for all three core IT GRC capabilities. As a result, we have further separated from other vendors in terms of having the most capable IT GRC solutions. Here are the actual scores:
- Controls and Policy Mapping: 5.0 out of 5.0, highest of all vendors
- Automated General Computer Controls Collection: 5.0 out of 5.0, highest of all vendors
- IT Compliance Dashboard: 4.5 out of 5.0, highest of all vendors
This also gives us the highest score of 4.8 out of 5.0 for the Automated Technology Control Assessment use case. This is a very important accolade because the true value of an IT GRC solution lies in the automation. The GRC market is quickly maturing to focus on the Risk component. Risk is dynamic and inherently real time, especially when it comes to IT and security risks. As business processes continue to be automated and data become electronic, every single risk in the enterprise will be correlated to IT and security risks. Thus, it is impossible to manage enterprise risk unless you can manage risk in real-time, and managing risk in real-time requires end-to-end automation. Of all the IT GRC technology components, automated technology control and risk assessment are by far the most difficult to build. This type of automation requires highly scalable engines to perform real time data correlation and calculation across large data sets. I would like to give kudos to my Agiliance engineering team for achieving the highest score on the toughest portion of the evaluation criteria.
Two major changes are noteworthy in this year’s MarketScope. The first is the inclusion of some EGRC vendors and the addition of Financial and Operations GRC Support as the fourth Critical Capability. This change is somewhat controversial, because it is based on the hypothesis that the traditional EGRC and IT GRC markets as we know them today will converge into one. While there are signs of that buying pattern, we also see a very strong trend that indicates possible convergence of IT GRC with security and configuration management products. The two different trends are driven by the two different buying centers. CFO and internal audit are the buying centers for EGRC solutions. They are now asking for more in-depth and timely data from IT, thus driving the EGRC solutions to include better IT GRC capabilities. However, CFO and internal audit do not look for the very granular and real time data that CIO and CSO need, so for the CFO buying center, some limited extension of EGRC solutions may be all that is required. There may be more IT data, but the data is still static and high level. CIO and CSO, on the other hand, are the buying centers for security and configuration management and now IT GRC solutions. CIO and CSO look for real-time risk management and situational awareness with continuous connectivity to the IT infrastructure. CIO and CSO need GRC solutions that can support IT operational requirements. A pure survey and workflow based solution may be useful to check-the-box for compliance needs, but it is of no practical use as an IT operations tool. So how important are EGRC requirements when you are looking for an IT GRC solution? It depends on what your function is and what you are looking to achieve with the solution.
The second change in this year’s MarketScope is that Gartner has done away with the Out-of-the-Box vs. Rapid Development Platform differentiation. The new differentiation is Top-Down vs. Bottom-Up. This new differentiation is a good way to capture the difference between the EGRC vendors and the IT GRC vendors. It is a short-hand to summarize the different buying centers’ needs we discussed above. The CFO and audit approach is top-down with little detail from IT and security. Top-down approach provides a nice enterprise wide picture quickly, but lacks details and is not capable of reflecting the real-time nature of risk. Bottom-up provides the real-time visibility and ability to react, but can be more narrowly focused on just IT risks. Most organizations will need a combination of both Top-Down and Bottom-Up approaches to be effective. Today no one solution can meet the needs of both buying centers and it is likely that no one solution ever will. The best approach for most organizations is still to buy the best of breed solution based on requirements and roadmap. The CIOs and CISOs we talk to are looking for a strong automation GRC platform that can integrate to their existing IT and security management tools to provide real-time visibility and operations support. They also want the tool to have very good Top-Down capabilities to support process centric use cases. This was my goal when I founded Agiliance years ago and it’s gratifying to have Gartner validate that our solution and approach are a great fit for our target market of CIO and CSO.
Takeaways from the Customer Advisory Board
I just returned home from a week in Washington DC where we held a regional Customer Advisory Board meeting and a CISO Roundtable event.
It was great to spend time with some of our customers from up and down the east coast and even one all the way from Utah. A significant number of our customers from various industries including financials, healthcare, federal, Canada, etc. attended the meeting. We discussed our product roadmap and vision and received excellent validation and feedback. Most of the customers presented their deployments and success stories. It was also a great chance for the customers to hear about each other’s projects and discuss lessons learned. Kudos to our customer support and professional services teams, which earned universal high praise from our customers. Some high level feedback and observations from the Customer Advisory Board:
- Plan big but start small: All the customers had a great deployment strategy. They all bought Agiliance’s product because they had a vision of an enterprise GRC platform, a platform that can address all their GRC needs across the enterprise. However, they all had a very realistic deployment strategy. The key is to start with a very precise project with a very precise business benefit. Demonstrate value to the business and gain support for the tool, then broaden the usage. Many of the customers in attendance are on their second and third phase of deployment. Customers typically start with 1 to 2 of their use cases and then grow from there.
- No one can afford customization any more: The impact of this down economy is still very real. Everybody has fewer resources than before. Customer expectations have clearly changed. Customers want a product that works out of the box, that is easy to use, is easy to administer, and easy to upgrade. No one can justify large consulting bills year-in and year-out, even the large financial services and federal customers who have historically done a lot of customization to the products they buy. Customers want a product that works and does not leave the main task as an exercise for them.
- Automation is no longer a nice-to-have: Compliance is still the number one driver for customers’ adoption of GRC technology. The burden of regulatory and contractual compliance is driving customers to automation. Everyone at the meeting agreed that there is no way their sizable organizations can maintain any semblance of compliance without the help of technology. Resources and budget are just too limited vs. the responsibility they have to meet. Customers want to offload manual, repetitive and non-value-add work from their staff, improve efficiency and focus more on their business needs.
A big thank you to the customers who attended this Customer Advisory Board meeting and provided valuable feedback to help us continue to grow the product and company. I will summarize the key takeaways from the CISO Roundtable event once I get a chance to catch up from my week-long trip.
Agiliance’s New Privacy Manager Product

Pravin Kothari
I usually don’t write about Agiliance business and products in this blog. I’ll make an exception today since we launched a brand new product last week. On Wednesday we added Privacy Manager to our suite of 7 GRC applications. You can read about it in our press release as well as the product page. Network World also did a very nice article on the challenges and best practices for privacy management and our new product. This is an exciting new product for us. Privacy protection is a serious issue and impacts all of us in very real ways. We as citizens, consumers, and patients need all organizations that hold our personal data to take privacy protection seriously and invest in proper privacy protection programs. I believe we are the very first vendor to offer a unified privacy management solution on the market. This new Privacy Manager product continues Agiliance’s track record of innovation.
Here at Agiliance we are fortunate to have many great partners and customers that work closely with us on our products. Privacy Manager is no exception. I would like to thank the following organizations and individuals for providing us with guidance during the development of this new product:
- Mike Gurski and his team at Bell Canada’s Privacy Center of Excellence
- Kristen Knight, Director of Privacy Compliance at Philips Medical