A Role for GRC?
Although the arsenal of IT-security products is vast, some firms are finding value in tapping a category of software not usually associated with protecting data. Governance, risk, and compliance (GRC) software was first developed to help organizations track a host of regulatory requirements, such as the internal-controls provisions mandated by Sarbanes-Oxley. It has since expanded to many other areas (see "A Defining Moment," January), and now some firms see a role for it in IT.
GRC packages "seem to represent a natural progression for security professionals in order to benefit from a more integrated approach to risk management and compliance, versus a piecemeal approach that many have been taking until recently," says Livingston, who used GRC software at previous companies. "IT GRC technologies [offer] a unified platform to automate user access, process-level, and general computing controls."
Ken Schultz, CFO at CashNet-USA, a provider of online financial services, says that because his company offers financial services over the Internet, IT security "remains at the forefront of our thought process, so we can proactively protect our platform and customers." He declined to provide specifics about how CashNetUSA is securing its information assets, but says that "fortunately, our business continues to grow despite the current economic conditions, and as such our security budget has again increased in 2009."
That doesn't mean the company isn't looking for more-economical ways to provide security. One area of interest is open-source software, a category that few might associate with security but which is in fact providing a fertile ground for new products. For example, CashNetUSA recently deployed open-source Web-application firewalls and network-vulnerability scanners.
"We find that by staying in touch with the buzz and awareness in the open-source community, we don't have to be beholden to a certain vendor to acquire and implement the technology needed to be on the cutting edge of data security," Schultz says.
Bob Violino is a freelance writer based in Massapequa Park, New York.
Reader Comments» Post a comment