5 Things to Consider When Choosing a Risk and Compliance Solution
By Chris Caldwell
The threat of being out of compliance and exposed to risk likely keeps many of your customers up at night — regardless of their company’s size or industry. Managing compliance and mitigating risk is tedious, time-consuming and complex. Your customers are probably required to comply with multiple sets of external regulations encompassing hundreds, if not thousands, of individual controls, while trying to distill actionable data from an assortment of disparate security applications. Up against unprecedented scrutiny in the wake of high-profile security hacks and data breaches, increased pressure to reduce costs and a staggering number of new regulations and directives, most companies are still struggling.
Building a robust governance, risk and compliance (GRC) program is becoming an integral component to any IT security initiative, and the GRC market is driving a wealth of new channel opportunities. In addition, with constantly changing compliance regulations and more of your customers’ critical data/applications moving to the cloud every day, solution providers need to be prepared to effectively support GRC initiatives that keep up with today’s fast-paced risk and compliance environment.
Whether your customer is a 150,000-employee global company in a highly regulated industry or a small business trying to comply with regulations such as the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) or Health Information Technology for Economic and Clinical Health Act (HITECH), chances are they will look to you for support. To add to the confusion, compliance with these regulations is a constantly shifting target as updates and new controls are released. Increasingly, organizations with constrained IT resources are asking channel providers to help them meet their compliance needs and ease the audit burden.
Solution providers aiming to help customers prove compliance, as well as manage the risk of moving to the cloud, harnessing big data and managing BYOD policies (among other hot security issues), are partnering with technology providers that offer a comprehensive suite of GRC applications. An effective GRC platform should provide a fast and efficient way to manage complex risk and regulatory compliance requirements. However, not all GRC platforms are channel friendly.
Channel-ready GRC solutions should:
- Provide a cost-effective, low-barrier solution so customers can realize immediate ROI.
- Deliver an easy-to-install (and easy-to-use), flexible platform that eliminates the previous frustration associated with outdated, rigid GRC technology.
- Include a simple user interface and an exhaustive library of controls and standards.
- Fully (and easily) integrate with existing infrastructure — vulnerability management software, SIEM products, etc. — and provide exceptional correlation capabilities.
- Leverage the cloud to make comprehensive, scalable GRC initiatives accessible for companies of any size.
Help your customers better manage enterprise risks and demonstrate compliance by leveraging an effective GRC solution. By unifying security content and providing risk context at any scale, your customers can finally evolve their GRC strategies to gain real-time, enterprise-wide risk and regulatory intelligence.
Software industry veteran Chris Caldwell is the co-founder and CEO of LockPath, which helps companies of all sizes address the increasingly complex issues of regulatory compliance and risk management. He was previously president and COO of PPM Information Solutions and, before that, vice president of products and marketing for GRC provider Archer Technologies.