This is Bill Ender's Typepad Profile.
Join Typepad and start following Bill Ender's activity
Join Now!
Already a member? Sign In
Bill Ender
Recent Activity
Chuck, in general, I agree with your thinking regarding GRC; in particular, your definition of the GRC components is among the most concise I've encountered ("GRC Thinking From An IT Perspective," January 15, 2009) -- kudos to you for that. But I'm not entirely aligned with you on the relationship of a GRC framework to the reluctance of large enterprise IT users to migrate to cloud computing. I submit that if you "ask any 10 large enterprise IT users as to why they won't use external service providers (e.g. cloud)," their primary concerns are security of their information -- a given -- and *integration* with their internal/legacy processes. Any number of individual applications, processes, and component suites (e.g. ERP, CRM, etc.) can be and have been successfully replicated in external "managed services" models over the past 10+ years. But many large enterprises have invested an incredible amount of time, effort, and resources in "hooking things together" to serve their particular business needs. *That's* the stuff that's daunting when it comes to considering migrating to cloud computing -- i.e., how to unwind (or even understand) the years of "spaghetti code" and middleware connections that have been built up over time. That said, do *I* think that EMC/RSA's acquisition of Archer makes sense? ABSOLUTELY! I've known Jon Darbyshire and his team for many years and led the implementation of Archer's framework for one of their earliest, largest, and longest customers. I, personally, encouraged Archer several years ago to expand from its earlier Information Security-centric model and incorporate GRC functions; because it was obvious that the outstanding work they had done with Policy Management, Risk Assessment, and other modules and their role-based access controls could be applied effectively to other operational risk domains (Vendor Management, BCP, etc.). And, in my view, Archer's Compliance Management and Audit Management modules are a master stroke of genius that puts them in a category by themselves as a GRC suite. Having the Archer product in your toolkit along with EMC/RSA's other products I see as a significant advantage -- both for you and for Archer's existing and future customer (for whom it effectively deflates the "but they're such a small company" argument). The most exciting element of this acquisition to me will be watching how the Archer platform becomes integrated with some of the other EMC/RSA apps. If you're ever in need of an experienced and forward-thinking Archer evangelist, give me a shout.
Toggle Commented Jan 7, 2010 on EMC To Acquire Archer at Chuck's Blog
Bill Ender is now following The Typepad Team
Jan 7, 2010