Archer : EMC

RSA Solution for Cloud Security and Compliance

Sarah Nord — Mon, 30 Aug 2010 17:37:00 GMT

August 30, 2010

Today at VMWorld 2010 in San Francisco, EMC unveiled the RSA Solution for Cloud Security and Compliance for comprehensively managing security, risk and regulatory compliance of cloud infrastructures, helping increase customer confidence to virtualize business-critical applications.

“Security is a top concern organizations have about moving critical business applications to the cloud,” said Jon Oltsik, Principal Analyst at the Enterprise Strategy Group. “Even with all the benefits cloud computing provides, CIOs will continue to be wary until there is a way to manage security and compliance with the same level of assurance that is available today with physical data center environments. With today’s announcement, EMC has made an important first step in addressing this fundamental concern with security in today’s growing virtualized and cloud infrastructures.”

Featuring an easy to use dashboard based on the RSA® Archer™ eGRC platform, the solution is designed to give organizations a complete assessment of security and compliance posture across their VMware virtual infrastructure. This allows customers to centrally manage security across both virtual and physical infrastructures using RSA Archer.

The dashboard integrates with a library of more than 100 VMware-specific controls such as administrative authentication, that map to the most current global regulations such as PCI-DSS and HIPAA to ensure best practices for deployment. The solution also integrates with the RSA® enVision security information and event management platform to provide a more comprehensive assessment of security events from across the enterprise.

If you’d like to learn more about the RSA Solution for Cloud Security and Compliance, visit the following resources:

• Video Demo on YouTube
• Solution Brief on Cloud Security and Compliance
• Video Interview with RSA Leadership on YouTube

Also stay tuned here on the RSA Archer Blog for more commentary on managing security and compliance across your physical and virtual infrastructure.

Making Sense of GRC: The Case for Business Context

Sarah Nord — Thu, 19 Aug 2010 17:18:00 GMT

by David Walter – August 19, 2010

Throughout our lives, we all have to make decisions without all the relevant facts. Sometimes our instincts guide us in the right direction, and sometimes we just get lucky. But there are also those decisions that blow up in our faces. For an example, look no further than the thousands of homeowners who purchased their dream homes at the height of the housing boom, only to find themselves in a nightmare scenario months later when the market tanked and they went upside-down in their mortgages.

While we’ll never have a crystal ball that helps us see clearly into the future, we’d all like to have the facts—and just the relevant facts—when we’re faced with an important decision. But in this age of information explosion, it’s a major challenge to sift through the constant influx of data, most of which is completely immaterial. Consider this statistic presented by Eric Schmidt, CEO of Google: “Every two days now, we create as much information as we did from the dawn of civilization up until 2003.” While we may not be able to avoid the barrage of information that floods our minds and our inboxes on a daily basis, we can strive to filter out the excess and make sense of what’s left.

But to do this, we need context.

From a governance, risk and compliance (GRC) perspective, it starts with understanding what’s important to the business:

• What are the business processes that directly support our corporate objectives?
• What people, information and applications support those critical processes?
• And what are the risks to our people, information, applications and processes that may prevent us from achieving our corporate objectives?

Our customers rely on RSA Archer eGRC Solutions to answer these very questions. To put it simply, RSA Archer is a repository of what’s important to people. It helps our customers put risks, threats, incidents and compliance deficiencies into business context so they can prioritize their response and focus on what’s most significant to the organization.

Here’s just one example: Every business has intellectual property that it needs to protect, and this data may be stored and used across the global enterprise. How do you know who should be looking at this information? What movement of the information is safe and appropriate? What do you do if the information is compromised? To answer these questions, you must have business context:

• Who manages the information and who needs to access it?
• What business processes does the data support and what regulations impact the data?
• When is the information accessed?
• Where is the data accessed and where is it moved?
• Why is it necessary to store the information?

Using RSA Archer, organizations can manage a repository of information assets and perform online assessments to determine classification ratings and required retention periods. They can also link information assets to the business processes they support, the applications where they are managed, the facilities where they are housed, and the owners and custodians of the information. Based on these relationships, RSA Archer automatically generates a criticality rating for each information asset.

When a log management or data loss prevention system identifies a potential compromise of sensitive information and those events are passed into RSA Archer, both IT and business users have the context they need to respond appropriately. Events that impact critical information assets will receive prioritized attention, and appropriate users are notified of their responsibilities for issue analysis and remediation.

As a division of EMC, RSA is ideally positioned to deliver value to our customers by providing business context for governance, risk and compliance activities. EMC is renowned for its expertise in collecting data, giving it context, and presenting it to users in a way that’s easy to digest and manage. As we continue to enhance the RSA Archer eGRC Platform capabilities, we’ll maintain our focus on helping customers make sense of complex information, prioritize risks and issues, and allocate resources effectively to protect what is most important to their business.

Physical to Virtual Disaster Recovery Planning: Considerations for the Cloud

Sarah Nord — Thu, 08 Jul 2010 14:33:00 GMT

by Steve Suther – July 8, 2010

How's your disaster recovery planning these days?

If you’re reading this, it’s pretty safe to assume that either you or someone in your organization is “tuned in” enough to have well documented DR plans that enable your company's business operations to continue in the face of a significant loss of technologies, facilities or human life. And they’re testing these plans at some regular interval (once each quarter, once a year, etc.) based on internal business impact analyses, or external regulatory requirements. Right?

Now, has your disaster recovery planning been adjusted to take into account the virtualization and cloud computing initiatives that are more than likely either currently being talked about, or actually implemented, by your IT architects, or the vendors that manage your IT environments? Probably not.

How many of you did I lose with "How's your disaster recovery planning these days?" Hopefully not many. But how many of you did I lose at the first mention of virtual, or cloud recovery planning? From what I’ve been seeing and hearing from our customers, I’d be willing to bet more than a few of you.

A traditional physical-to-physical disaster recovery strategy is wrought with challenges like being able to move to another data center in a reasonable time frame, always having contracts in place with that alternate data center, reliance on a single managed service provider with geographic and organizational redundancy that won’t go out of business without warning…just to name a few. Good governance and risk management practices within your infrastructure, asset and vendor management processes are always a best-practice approach to help mitigate and control these risks to the business.

Now imagine the physical-to-virtual challenges in the development of data backup routines that move data out of the primary data center (and out of the control of the entity running that data center) and into a virtual IT environment. Cloud computing can definitely help address these challenges by serving as an important foundation for rapid recovery with a low amount of data loss. Imagine, for example, regularly synchronizing your production environments with a virtual environment that packages the data regularly for DR deployment in the event of a disaster. Assuming you’ve set up machine images that mirror your production environments, you should be able to rapidly recover into the cloud without paying to run an entirely redundant data center 24x7.

Security is quickly becoming a major concern when setting up these environment and their related DR processes, and RSA is actively participating as part of the Cloud Security Alliance to ensure that through EMC, RSA and other products, safe cloud computing can address newly emerging threats to the cloud, as well as incident response within the cloud. Be sure to check out the RSA web site for more information.

Security aside, here are a few more key components to ensure that you too can achieve effective DR in your cloud computing environment:

• Set up procedures for synchronizing data with tools that package the data regularly for DR deployment (and don’t forget about data encryption!)
• Create machine images that have the same operating system, tools, core applications, and libraries as your production systems
• Use the appropriate set of tools to configure your DR environment to automate your required DR processes
• Regularly test restoring your infrastructure based on the current data in your cloud environment and validate the success of the event

The main benefit of this approach is that you simply know your DR system will work for you in the same manner that it did for you in your physical environment, while reducing computing and resource costs to your organization.

Where is your organization these days with regards to ensuring DR capabilities within your cloud? Let me know, and I promise to keep everyone updated on the great work being done within the industry!

EMC’s CIRT: Smart People Solving Complex Problems with RSA/Archer Integration

Sarah Nord — Wed, 12 May 2010 19:48:00 GMT

by Jeff Glasco – May 12, 2010

Complex problems are everywhere, as witnessed in the headlines of the past week. How do you plug a hole gushing 200,000 barrels of oil a day when it’s a mile deep in the ocean? How do you implement controls to prevent mysterious 1000 point drops in the DOW? How do you bail out an entire country’s economy amidst rioting?

For many of us, the answer is straightforward: We look to our smart people to come up with a solution. Our smart people are being forced to become even smarter as they stare down modern problems. I hear it’s even causing some of our not-so-smart people to smarten up and contribute to the cause. (I got a letter in the mail last week asking me to step up my game.)

I had the opportunity to work with some of these smart people at EMC, prior to its acquisition of Archer (yes, EMC was a customer first). EMC’s Critical Incident Response Team (a.k.a. “The CIRT”) looked for new ways to identify and respond to security events in the organization. They had a vision for streamlining their incident investigation processes by integrating RSA’s industry leading SIEM product, enVision, with Archer GRC business process management capabilities.

EMC’s CIRT elevated their incident-triage capability by minimizing manual data aggregation processes and providing business context to technical alerts from enVision. They sought to enrich alert data in order to move beyond a vulnerability-driven context model and toward an exposure-driven model of security management. The result is a triage process that allows EMC to prioritize resources based on business impact and data exposure. They’re now able to view the business operational impact of incidents through the single lens of an Archer dashboard and operate incident management processes in a cross-functional GRC domain.

EMC’s CIRT continues to evolve their enVision and Archer integration architecture, providing the RSA enVison and Archer GRC product teams with a unique opportunity to build on a proven solution—one that was crafted by smart people to tackle complex problems facing global organizations. You could say we’ve been inspired, and now we have new teams of smart people creating solutions that leverage RSA enVision and Archer to help organizations tackle an ever-expanding pool of GRC-related issues.

A few of our resident smart people will present new solutions for tackling risk and compliance challenges through the integration of RSA enVision and Archer in an upcoming webcast. Please join our own Steve Schlarman along with Sam Curry and Paul Stamp of RSA as they expand on the opportunities for your organization.

Here are the details of this event:

When: Tuesday, May 18 at 2 p.m. US Eastern
Registration: http://info.rsasecurity.com/2010Am/webcast/100518_Archer_Compliance/online.html

Visit the Archer Team at EMC World

Sarah Nord — Fri, 07 May 2010 15:50:00 GMT

May 7, 2010

The Archer team is excited to participate in our first EMC World next week in Boston. This event is the ultimate educational forum for EMC customers and partners, where you can:

• Participate in 500+ breakout sessions, technology updates, keynotes, lectures, live demos, workshops and birds-of-a-feather discussions
• Network with thousands of your peers from around the world

If you’re attending, we invite you to stop by the RSA booth (#321) to meet with Archer GRC experts and tour our solution offerings. You can also connect with David Walter, director of eGRC solutions, in his session on Leveraging an Automated Approach to GRC to Reduce Risks and Costs.

We hope to see you there!

Archer GRC Goes Global

Sarah Nord — Thu, 29 Apr 2010 21:15:00 GMT

by Jon Darbyshire – April 29, 2010

Since joining the EMC family in January, we’ve had many exciting opportunities to introduce international companies to the Archer governance, risk and compliance (GRC) solution suite. As I write this, I’m currently traveling through China, Japan, India, Singapore and Australia, meeting with customers, partners and colleagues from RSA and EMC to share our vision for best-in-class GRC programs. Our entire team has also traveled extensively across Europe, Asia, Australia and South America in recent months, leading discussions and delivering training to organizations that are seeking ways to reduce the cost and complexity of their risk management and compliance initiatives.

Here are some of the locations we’ve visited:

• Tokyo
• Hong Kong
• Bangalore
• Mumbai
• Singapore
• Melbourne
• Sydney
• London
• Paris
• Rome
• Stockholm
• Edinburgh
• Amsterdam
• Toronto
• Montreal

So what does this international expansion mean to our customers? More service, support and value from their investment in Archer GRC solutions. As we educate our partners and RSA/EMC colleagues on the capabilities of the Archer SmartSuite Framework, our customers will have increasing access to technical support and consulting services around the globe. This is particularly important for organizations that have rolled out their Archer implementation on a global basis and to those who are considering this option.

As part of our international expansion, we’re also working to deliver localized content, including regulations for specific markets, such as the Comisión Nacional Bancaria y de Valores de Mexico requirements. Additionally, we are responding to customer requests for globalization of the Archer SmartSuite Framework. If you’re a member of the Archer Community, you can learn more out on the Archer Idea Exchange.

This is an exciting time for the Archer team as we expand our global reach and engage with the EMC family around the world in support of our customers’ GRC initiatives. If you have specific needs for international content and product capabilities, please post your requests on the Idea Exchange and vote for ideas submitted by your peers. I also invite you to give us your feedback here on the Archer GRC Blog.

Record-Breaking Attendance at the Archer 2010 GRC Summit

Demian Tallman — Thu, 15 Apr 2010 16:05:00 GMT

April 15, 2010

Reflecting the increasing demand for enterprise governance, risk and compliance (eGRC) solutions, services and industry expertise, a record number of GRC professionals will attend the 2010 Archer GRC Summit, April 14–16 in Orlando. Hosted by RSA, The Security Division of EMC, this seventh annual event will attract more than 350 GRC professionals from Fortune 1000 corporations and industry-leading services and technology companies.

Since acquiring Archer Technologies in January 2010, EMC’s security division has emerged as a leading provider of strategic, efficient and sustainable GRC solutions. RSA offers the powerful combination of integrated technologies and expert resources to address business processes spanning IT, finance, operations and legal domains.

“The Summit’s continued growth reflects the expanding adoption of the RSA Archer GRC Framework and Community among the world’s most highly respected organizations,” said Jon Darbyshire, Archer General Manager for RSA, The Security Division of EMC. “Since our acquisition by EMC, we have gained significant traction with organizations facing a rapidly evolving risk and regulatory landscape. We’re excited to gather once again with our customers for the Archer GRC Summit to discuss best practices and technology solutions for reducing the cost and complexity of today’s GRC challenges.”

Archer GRC Summit Programs and Sessions
The 2010 Archer GRC Summit kicks off with a series of client working groups and roundtables on topics that include risk management, incident management, audit management, policy management, business continuity management, vendor management and enterprise GRC.

The Summit will also feature 25 client-led sessions showcasing GRC implementations and business benefits of the Archer GRC Framework. These sessions include:

• eGRC at Lightning Speed
• End-to-End View of IT Risk through a GRC Program
• Simple GRC: Using Audit as the Hub for Alignment
• Building a Converged IT-GRC Program with Archer
• PCI Best Practices
• Audit Management: Turning Challenges into Opportunities

In addition to client-led workshops at the Summit, RSA will lead several general session discussions, including keynotes from Jon Darbyshire and RSA President Art Coviello on “The Future of GRC.” Additionally, RSA will present the GRC Strategy and Content Library Roadmap to help organizations take a systematic approach to implementing GRC programs enterprise-wide.

Archer Community and Exchange Enhancements
Enhancements to the Archer Community and Exchange will also be revealed at the summit. The Archer Community, an online social network for GRC professionals and product experts, has more than 3,500 active members who have contributed nearly 1,500 ideas to fuel the product roadmap for the RSA Archer GRC Framework.

Enhancements to the Archer Exchange, an online marketplace for GRC applications, content, services and integrations, include major additions to the GRC Content Library, such as 24 key U.S. and international authoritative sources, dozens of control standards across multiple GRC topic areas and 5,000 new assessment questions. Other additions include integrations with technologies from RSA, Rapid7 and Qualys as well as service offerings from EMC Consulting, KPMG and Ernst & Young.

More information on the Archer GRC Summit is available at http://www.archer.com/events/index.html.

AMC Takes eGRC to the Next Level with RSA's Archer GRC Framework

Demian Tallman — Thu, 15 Apr 2010 14:40:00 GMT

April 15, 2010

RSA, The Security Division of EMC today announced that AMC Entertainment Inc (AMC), a Kansas City-based theatrical exhibition and entertainment company, has selected RSA and its Archer GRC Framework (Archer Technologies was acquired by RSA, The Security Division of EMC, in January 2010) for its Enterprise Governance, Risk and Compliance (eGRC) implementation. AMC has rapidly deployed an eGRC program leveraging software-as-a-service (SaaS) delivery. By integrating policy, vendor, audit and risk management, the company is able to automate, measure and report on their eGRC initiatives.

“AMC required a holistic enterprise solution for managing policy, risk, compliance and audit processes,” said Mike Czinege, CIO, AMC Entertainment Inc. “The Archer GRC Framework addressed our needs with a single portal for business process automation, content and workflow management, and business-level reporting.”

AMC serves hundreds of millions of guests annually through interests in 299 theatres with 4,528 screens. The company’s commitment to protecting customer data and demonstrating compliance with such requirements as the Payment Card Industry (PCI) Data Security Standard were primary factors in its decision to procure an eGRC software solution. AMC selected RSA’s Archer GRC Framework for its full range of GRC capabilities, its comprehensive library of policy and regulatory content, and its active user community.

With policy and vendor management initiatives already underway, AMC plans to extend its use of the RSA Archer GRC Framework into audit, compliance, risk, incident and threat management in 2010 to round out its eGRC program.

With the acquisition of Archer Technologies, RSA now delivers enterprise governance, risk and compliance (GRC) solutions that enable companies to manage enterprise risks, demonstrate compliance, automate business processes, and gain visibility into corporate risk and security controls. For more information, visit www.archer.com.

About RSA
RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle - no matter where it moves, who accesses it or how it is used.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.

Podcast: Major Themes from RSA Conference 2010

Sarah Nord — Fri, 05 Mar 2010 19:04:00 GMT

March 5, 2010

Bank Info Security featured a podcast this week with Archer’s Director of eGRC Solutions, David Walter. Live from the Expo floor at the RSA Conference 2010, David discusses three hot topics of discussion among visitors at the Archer GRC booth:

• Journey to the Cloud – How Archer, RSA and EMC are embedding security and compliance into cloud computing

• Platform Approach to GRC – Why organizations are selecting Archer’s platform approach to governance, risk and compliance in order to integrate data sources, correlate information and report to higher-level management

• GRC Strategy Roadmap – Why it’s essential take a strategic look at business processes and how they can be interrelated in order to form an overall picture of governance, risk and compliance

If you’d like to hear David’s commentary, follow these simple steps:

1. Visit http://www.bankinfosecurity.com/rsa2010.php.
2. Scroll down to the bottom of the page to the Security Vendor Interviews section.
3. Scroll through the list of podcasts, and click on David Walter, Senior Product Manager – Archer Technologies, as shown below.

Executive Perspective from RSA and Archer

Sarah Nord — Thu, 11 Feb 2010 21:10:00 GMT

February 11, 2010

Archer President Jon Darbyshire and RSA President Art Coviello recently sat down to share their perspective on EMC’s January 2010 acquisition of Archer Technologies. We invite you to view their brief video conversation to understand the value of the acquisition to Archer and RSA customers—and the impact for the broader industry.

You can also learn more about benefits to Archer’s user community as we join with RSA, The Security Division of EMC, in Jon’s most recent blog post.

Archer + EMC = More Value for Our Customers

Sarah Nord — Wed, 10 Feb 2010 14:11:00 GMT

February 10, 2010

Clients, Partners, Colleagues and Friends:

It’s been a few weeks since I’ve written, and I’d like to update you on the benefits you’ll see over the next several months, resulting from Archer’s integration into RSA, The Security Division of EMC. We’re incredibly excited to join with the EMC family to strengthen our ability to support enterprise governance, risk and compliance (GRC) programs on a global scale and to deliver greater value to you, our user community.

I’ve had conversations with many of you about what our relationship with EMC means for our customers, and I’d like to summarize some key points:

Focus on Enterprise GRC and Community-Driven Innovation
As I stated in my last message, the Archer team will remain focused on delivering enterprise GRC solutions across IT, Finance, Operations and Legal business domains. Our community-driven approach to Framework and solution innovation will be stronger than ever, and the relationships we share with our customers will not change. RSA is dedicating additional resources to add value to Archer, and they are doing so in a manner that allows our team to stay focused on meeting customer needs and continuing the evolution of our GRC platform and solutions.

Synergies with Products Across EMC Divisions
Many of you are customers of EMC and RSA, and you will benefit from deeper integration with their products. Integration will allow you to further streamline 1) the collection of evidence for testing IT controls and 2) the handling of issues identified by products such as RSA enVision, RSA Data Loss Prevention, the RSA Identity Protection and Verification Suite, as well as products in the EMC portfolio, like the Ionix suite of IT management products and VMware.

Key integration principles will include:

• Maintaining an open architecture – The content independence and vendor neutrality of the Archer SmartSuite Framework is a key differentiator for Archer that will not change.

• Aligning alerts, reports, etc. in other RSA products with Archer controls – This will enable easier mapping of reports and alerts to the business drivers and impacts behind them.

• Providing packaged capabilities – RSA will deliver pre-built integrations with the Archer SmartSuite Framework across the RSA product line, taking advantage of Archer's open architecture.

Stay tuned to the Archer, RSA and EMC blogs over the next weeks and months for more details on product synergies and integration.

Software Development and Quality Assurance
EMC considers product quality to be of paramount importance, and future releases of the Archer SmartSuite Framework and GRC solutions will take advantage of EMC methodologies and tools regarding quality assurance in the software development lifecycle. This will result in enhanced speed to market and an improved Total Customer Experience for Archer customers.

SaaS Environment
Archer SaaS customers will be moving to a Tier-1 EMC data center in the second quarter. EMC hosted data centers are SAS 70 certified, giving you visibility into the controls in place to protect your data. Moreover, EMC hosted data centers typically maintain the highest availability, so you can be confident in our ability to meet your service-level expectations.

Customer Support and Professional Services
You will continue to receive the same exceptional service you have come to expect from Archer’s product experts, and you’ll have additional resources from RSA, EMC and our broader partner community to empower your GRC programs on a global scale. Specific to customer support, you’ll see expanded hours and international resources for your global user base.

In the area of professional services, you’ll have access to consultants from EMC and RSA with deep industry and technology expertise across business, applications and infrastructure. (For more information on EMC Consulting, I invite you to read a recent article by EMC’s Yo Delmar titled On the Road to Dynamic GRC – EMC, RSA and Archer Technologies.)

As you can see, there’s a lot to be excited about as Archer joins forces with one of the world’s largest and most innovative technology companies. For those of you who are attending the upcoming RSA Conference in San Francisco, I hope you’ll visit the Archer, RSA and EMC booths for more information. I also urge you to join us for the Archer GRC Summit in April, our annual user group gathering, where we’ll provide much more detail on how Archer, EMC and RSA have joined forces to bring together the people, processes and technologies that enable global GRC programs.

Thank you for your business and your continued support of Archer.

EMA Report: EMC Acquires a Unifying Risk and Compliance Management Platform with Archer

Sarah Nord — Thu, 28 Jan 2010 19:40:00 GMT

January 28, 2010

Enterprise Management Associates (EMA) recently published an impact brief, providing their analysis of EMC’s acquisition of Archer Technologies. We invite you to download the brief from the Archer web site for a third-party perspective on the synergies between Archer’s GRC platform and the EMC portfolio—and what the acquisition means for the industry at large.

Impact Brief Excerpts:

Initially, few believed that regulatory initiatives such as SOX would have much if any impact on IT. What many failed to recognize is that IT is not just a business enabler, but is in fact the engine on which today’s enterprise runs.

……..

Few have succeeded to the extent of Archer, particularly in linking the relationship of IT to the management of enterprise governance, risk management and compliance efforts.

Archer has distinguished itself in two particular ways. First, the Archer SmartSuite framework is not a single application, but is rather a platform for building any number of tools that support program management in multiple domains and deliver the insight needed to measure, develop and refine strategy. The adaptability of this platform to user innovation has supported the development of Archer’s second major distinction, in the rise of a particularly loyal and vocal user community that has actively pushed the limits of what Archer can deliver.

……..

With this acquisition, EMC gains a dominant enabling platform for the management of risk and compliance strategy. It aligns not only with RSA, but with EMC’s core interests in information management, considering the volume of information under the management of GRC-enabling tools. Its role in supporting risk and compliance strategists can therefore be expected to become a point of unification across the EMC portfolio.

Download the full EMA impact brief, “EMC Acquires a Unifying Risk and Compliance Management Platform with Archer Technologies,” to read more.

On the Road to Dynamic GRC

Sarah Nord — Tue, 26 Jan 2010 14:35:00 GMT

By Yo Delmar—Director, Strategic Offer Marketing, EMC Consulting, EMC Corporation

January 25, 2010, Guest Contribution from Yo Delmar’s GRC and Beyond Blog

I’m going to depart from my usual non-vendor-specific posts and comment on EMC’s acquisition announcement of Archer Technologies earlier this month. I see this as a strategic move for us as we continue to build on our strengths in providing end-to-end GRC capabilities for our customers. Archer provides a critical component in the overall picture; and is a leader in the inner-most circle of the GRC eco-system supporting policy life cycle management, risk and compliance assessment management as well as visualization and analytics. We share a vision of Dynamic GRC and believe that enterprise and IT GRC are converging, fueled by the shift to continuous controls monitoring not only at the application layer, but also at the information management and infrastructure layers. This puts EMC in a fabulous position to be a strategic enabler of this convergence, especially as pressures grow to GRC-enable the Private Cloud.

Archer provides EMC with a flexible platform of broad enterprise GRC capabilities facilitating the mega processes of enterprise governance, risk and compliance across IT, Operations, Finance and Legal domains. For those of you who know Archer, and those of you who want to know a little more – their solutions are built on the Archer Smart Suite Framework supporting policy management and administration, risk management, compliance management, audit management, incident management, business continuity management, vendor management, threat management, and enterprise GRC management. What’s important is that Archer not only supports IT GRC, but also Enterprise GRC – which is key when we consider that convergence is beginning in these spaces.

EMC has lots of synergies with Archer - one of the most important is with EMC Consulting – a group of over 2700 consultants with deep industry and technology expertise across business, applications and infrastructure – and, of course, the Private Cloud. EMC Consulting is a natural fit with Archer – because the road to Dynamic GRC requires, and will continue to require, business strategy and design services to help customers evaluate, plan and implement roadmaps with consideration for architecture, operations and processes. EMC Consulting has GRC experts from business risk management topics like business process compliance, Basel II and financial risk through application and information governance, business continuity and data protection, security services and virtualization, consolidation and private cloud computing – all critical in supporting GRC across the enterprise and IT operations.

EMC products have lots of synergies with Archer –

Ionix’s IT Management suite discovers and analyzes not only the relationships between applications, servers and network elements, but also collects an enormous amount of information on control states – remember our acquisition of Configuresoft last year? Prime example.

CMA’s lineup of products supporting GRC from Documentum for Content management, through Source One for legal ediscovery including our acquisition last year of Kazeon for information discovery – to mention a few –

The Storage and Backup Recovery Systems (BRS) division of EMC, the birthright of the company, has industry-leading solutions supporting storage management and tiering, replication, secure backup, recovery, and archiving. We all are becoming increasingly aware that storage and backup recovery systems support both information management GRC and IT operations GRC objectives.

Our recent acquisition, Data Domain, adds strong data deduplication capabilities to the product portfolio. These solutions are employed by EMC customers to jointly address their data retention, resiliency and availability, and storage efficiency requirements.

RSA, the Security Division of EMC – this is obvious with world class products for identity and access management, authentication, encryption, data loss protection (DLP) and security information and event management (enVision). Some estimate that security-centric GRC accounts for at 50-70% of an enterprise's GRC policies and control objectives. While information security is typically considered a subset of risk management, security systems have traditionally led in the implementation of IT GRC solutions to manage information-related risk – in fact, most IT GRC solutions are anchored in security frameworks such as ISO 27001.

It makes sense for Archer to reside within RSA, the security division of EMC, while working collaboratively with EMC Consulting and the product divisions to realize the vision of Dynamic GRC. I’m jazzed by the vision and enjoying working with the Archer crew as we map out what’s possible –in the end it's all about reducing risk and making it possible to evolve our technology eco-system to enable business agility. Dynamic GRC is big enabler that.

Want to read more? Check out Chuck Hollis’s comment on the EMC Archer acquisition.