By Yo Delmar—Director, Strategic Offer Marketing, EMC Consulting, EMC Corporation

January 25, 2010, Guest Contribution from Yo Delmar’s GRC and Beyond Blog

I’m going to depart from my usual non-vendor-specific posts and comment on EMC’s acquisition announcement of Archer Technologies earlier this month. I see this as a strategic move for us as we continue to build on our strengths in providing end-to-end GRC capabilities for our customers.  Archer provides a critical component in the overall picture; and is a leader in the inner-most circle of the GRC eco-system supporting policy life cycle management, risk and compliance assessment management as well as visualization and analytics. We share a vision of Dynamic GRC and believe that enterprise and IT GRC are converging, fueled by the shift to continuous controls monitoring not only at the application layer, but also at the information management and infrastructure layers.  This puts EMC in a fabulous position to be a strategic enabler of this convergence, especially as pressures grow to GRC-enable the Private Cloud.

Archer provides EMC with a flexible platform of broad enterprise GRC capabilities facilitating the mega processes of enterprise governance, risk and compliance across IT, Operations, Finance and Legal domains. For those of you who know Archer, and those of you who want to know a little more – their solutions are built on the Archer Smart Suite Framework supporting policy management and administration, risk management, compliance management, audit management, incident management, business continuity management, vendor management, threat management, and enterprise GRC management. What’s important is that Archer not only supports IT GRC, but also Enterprise GRC – which is key when we consider that convergence is beginning in these spaces.

EMC has lots of synergies with Archer  - one of the most important is with EMC Consulting – a group of  over 2700 consultants with deep industry and technology expertise across business, applications and infrastructure – and, of course, the Private Cloud.  EMC Consulting is a natural fit with Archer – because the road to Dynamic GRC requires, and will continue to require, business strategy and design services to help customers evaluate, plan and implement roadmaps with consideration for architecture, operations and processes. EMC Consulting has GRC experts from business risk management topics like business process compliance, Basel II and financial risk through application and information governance, business continuity and data protection, security services and virtualization, consolidation and private cloud computing – all critical in supporting GRC across the enterprise and IT operations.

EMC products have lots of synergies with Archer –

Ionix’s IT Management suite discovers and analyzes not only the relationships between applications, servers and network elements, but also collects an enormous amount of information on control states – remember our acquisition of Configuresoft last year? Prime example.

CMA’s lineup of products supporting GRC from Documentum for Content management, through Source One for legal ediscovery including our acquisition last year of Kazeon for information discovery – to mention a few – 

The Storage and Backup Recovery Systems (BRS) division of EMC, the birthright of the company, has industry-leading solutions supporting storage management and tiering, replication, secure backup, recovery, and archiving.  We all are becoming increasingly aware that storage and backup recovery systems support both information management GRC and IT operations GRC objectives.

Our recent acquisition, Data Domain, adds strong data deduplication capabilities to the product portfolio. These solutions are employed by EMC customers to jointly address their data retention, resiliency and availability, and storage efficiency requirements.

RSA, the Security Division of EMC – this is obvious with world class products for identity and access management, authentication, encryption, data loss protection (DLP) and security information and event management (enVision).  Some estimate that security-centric GRC accounts for at 50-70% of an enterprise's GRC policies and control objectives.  While information security is typically considered a subset of risk management, security systems have traditionally led in the implementation of IT GRC solutions to manage information-related risk – in fact, most IT GRC solutions are anchored in security frameworks such as ISO 27001.

It makes sense for Archer to reside within RSA, the security division of EMC, while working collaboratively with EMC Consulting and the product divisions to realize the vision of Dynamic GRC. I’m jazzed by the vision and enjoying working with the Archer crew as we map out what’s possible –in the end  it's all about reducing risk and making it possible to evolve our technology eco-system to enable business agility. Dynamic GRC is big enabler that.

Want to read more? Check out Chuck Hollis’s comment on the EMC Archer acquisition.