By Clive Gold, CTO Marketing, EMC Australia and New Zealand.
If you are in IT, then GRC is going to be vital to you. As my job involves a lot of presenting and so I’ve become a PowerPoint wiz! I’m not boasting; it’s just to do
my job, I have to use PowerPoint almost every day! Your GRC tool will become the same for you!
That probably sounds like a big statement given most of you are not familiar with the concept of an IT Governance, Risk and Compliance framework, never mind why it’s growing in importance.
The transformation in IT is moving into a phase where the manual and repetitive tasks previously performed by people are being automated. This movement is compelling because this level of automation can be implemented at a lower level, at a finer grain and in a continuous way, changing the very nature of what can be achieved.
Let’s take IT Infrastructure security as a prime example of an area of growing concern for risk management. The monitoring of infrastructure logs, alerts and events, for all but the simplest of environments, is past human capability to monitor and comprehend. SIEM, (Security Information and Event Management), is a field that has seen a great deal of innovation over the last few years. Starting as a way to record and keep events and security information, in a consistent way, it quickly developed into a way to correlate this data. Then, as the experienced security professional will tell you, security is about pattern recognition, so the systems grew in intelligence to automatically detect these patterns.
This is good, but is it sufficient? I would argue that in isolation SIEM will lose its effectiveness! Why? Well here is an example; EMC RSA’s product enVision, (here), consolidates and correlates security-management information. This allows you to detect when a privileged user, provides a higher level of access to another user. The question is, “Should they have done that?” To answer this question, we need to consider the security implications as well as the organisation’s policies. Today, most users of enVision have a security person who makes this decision, but as IT scales up, can this person continue to be effective? My answer is no, so we need a the next layer in the stack, that combines corporate policy with security best practices in order to make this decision and escalate when there is a risk or a breach in the organisations policy. That layer is called EMC|RSA Archer, the GRC framework which enables this combination of policy, procedural requirements and best practices with operational data.
What prompted me to was that EMC|RSA Archer was recently classed by Forrester as one of the leading technologies in this space, (here). Worth a quick read to start learning about your future!