The GRC Market is Expanding at an Exponential Rate
According to a recent study by research firm The TABB Group, the international business world as we know it is about to face a ‘data tsunami.’ Global internet traffic is projected to reach 1.4 petabits per second. That’s 125 terabytes every second that must pass through servers and networks monitored by information security professionals. This explains a significant shortage of qualified employees in this space, a shortfall of 500,000 to 1 million employees that is projected to continue for the next decade.
Information security is a big deal; the public outrage over breaches like the U.S. Office of Personnel Management and the formation of bills around the protection of personal information is proof of that. What most people don’t realize is that the whole industry geared toward handling and preventing breaches is booming. With over 600 GRC solutions currently on the market, predictions show the GRC market hitting $31.77 billion by the year 2020, with global compliance market spend reaching $2.6 billion in 2015 alone.
Because of the rising tide of cyberthreats and the veritable staffing drought, organizations are turning to more agile, lightweight software solutions that require fewer resources (both human and physical) to run. Since GRC is just a fancy term for the general activities of governance, risk and compliance, every company has been running some form of an oversight and risk management program on its own for years. Many organizations, especially the larger and more established entities, saw the need years ago for software solutions to ensure proper accountability for compliance and information security. Unfortunately, many of those solutions are built on decades-old codebases, require a vast amount of professional services hours to maintain and operate, and do not play nice with newer and more advanced information security tools.
To effectively leverage modern vulnerability scanners, event loggers and configuration managers, more companies are turning to newer, more dynamic solutions. As TABB technology analyst Shagun Bali puts it, “enterprise-wide compliance requires a push from top management to introduce a new, efficient architectural paradigm that enables a holistic and unified view of internal and external data, working with vendors and automating parts of the compliance process.”
As the GRC market continues to expand (increasing at a rate of 9.42 percent a year), it can be tough choosing the right solution for your organization. Here are a few things to look for in prospective solutions that will become increasingly important in the years to come:
Lightweight and Agile – One big complaint about obsolete GRC software is that it was designed with different objectives in mind and, as such, is clunky and can’t keep up with the sheer amount of data. Newer technologies have been built with the idea of big data in mind and are often run on dynamic frameworks that can handle the load. Be sure to challenge software presenters to create reports and assessments in real time during a live demonstration to prevent being promised one thing and sold another.
Adaptability and Native Connectors – As is the case with Frankenstein’s monster, nothing really works all that well when it’s bolted onto an antiquated and shambling frame. One thing to look for when considering a next-generation GRC software platform is the number of native software connectors offered and whether they match up to your current systems. Correlating raw output data with existing cyberthreat databases is no fun and incredibly time-consuming to boot, so be sure the software products being considered are able to accurately capture all useful information in an efficient way.
Intuitive User Interface and Effective Reporting – Anyone who’s interfaced with a software platform sporting a poorly designed user experience will tell you it’s complete agony. If that same solution lacks the capability to create clear and meaningful reports for senior leadership in a time-effective manner, it could hurt much more than an organization’s bottom line. Saddling an IT team with the burden of determining ROI on software without the means to do so can lead to decisions made without seeing the complete picture.
So long as there are cyberthreats and breach mitigation activities for corporations to monitor, the GRC market will continue to grow, and like any booming market, there will always be the possibility of snake oil among legitimate solutions. The key is to be vigilant in examining all factors involved before making a decision that could affect your employees and customers alike.