A View from Inside the TornadoRajesh Unadkat
As a vendor, we get asked all the time about what everyone else is doing, what are we seeing as trends, and how does their requirements compare to others in the market. It is natural for all of us to want to make sure that our assumptions and requirements are comprehensive. Who wants to miss anything? So to that end, we put together a sampling of some of the trends that we are seeing in the market for your perusal. We would love to hear what you are seeing.
- Compliance Program Adoption – Based upon GRC 20/20’s state of the market, everyone is moving towards streamlining their adoption as this is a major issue in the industry. Is it to the point of displacement of existing investments yet? We are not sure. We are seeing where larger organizations are not extending their systems into smaller areas due to licensing and professional services costs. We also get the sense from the inbound requests that the cost of these larger, earlier generational enterprise GRC on-premise systems has slowly crept up into the realm of exceeding their perceived value. If it is difficult to implement, costly to maintain, and isn’t easy to use, why are you doing it?
- Information Security and 3rd Party Vendor Management – as information security and compliance have gotten tighter in focus, we think that people are looking for a lighter, more nimble compliance model that integrates better into their environments to augment their core data security with compliance auditing and risk dashboards. I think this trend is going to continue into all aspects of vendor management beyond just IT. I think the idea of using compliance as a protective shield against risk will naturally extend beyond the enterprise to integrate into vendors’ processes that impact the business. If you have a good data architecture, but need to extend your proactive management into security policies, why wouldn’t you want a flexible, light footprint system that allows you the flexibility to manage internal and external user compliance?
- General Compliance Application with Specific Focus – We are also seeing a requirement for broad-based, multi-purpose compliance solutions outside of IT as a big category of requests. Individually, each company may want specific requirements, but overall we are seeing commonality in the need for a core compliance system that can be extended to third parties, with a core capability for an integrated compliance (policy/controls) and audit workflow + reporting management. They characteristically want to extend the system to connect to other sources of information, may want to tweak the workflow, etc. but they generally want to put a compliance/audit capability on top of their operational business processes to ensure compliance, risk, or standardization.
- International – We see that internationally the state of GRC is varied. Europe is heavily regulated so there is a much more mature market requirements. Asia, Latin America, and Africa is dependent upon the industry and the international footprint of the company. We are also seeing the opportunity for international companies looking to extend into new markets or who are bringing on international suppliers who need the flexibility to regionalize their compliance/audit/training etc. processes. We are also seeing an increase of regional consulting firms that are looking for a flexible platform that can sufficiently meet their core platform needs, but allow them to focus on the consulting delivery rather than eating into client’s budgets with expensive professional services for customization.
We are advantaged in that we have the core platform for their needs, but built on salesforce which gives us the enterprise strengths around security and reliability, while also giving us the flexibility to configure and tailor to individual customer’s needs. Taken together, we are seeing an increase in core compliance requirements as more and more companies realize that they need the protections, standardization, and visibility that a core compliance platform provides to their business.