Operationalizing Governance, Risk and Compliance
IT goverance, risk, and compliance is now a major operation in organizations. Operationalizing it will save time and money. This report looks at why and how to operationalize GRC in an IT department.
SUMMARY
Catalyst
IT is moving from being a provider of technology to a services provider that enables business users to drive the organization. With this shift, there is a need for CIOs to be able to demonstrate that current resources are being deployed effectively and more importantly that everything is compliant with local governance rules or specific industry regulations. SureCloud provides a security compliance management suite that allows organizations to operationalize IT governance, risk, and compliance (GRC).
Key messages
- SureCloud has a number of out-of-the-box compliance templates that enable organizations to rapidly implement compliance initiatives.
- SureCloud is priced per person and not per module, making it accessible to organizations of all sizes.
- SureCloud’s workflow capabilities provide an agile environment where organizations can rapidly design, develop, and implement bespoke compliance processes.
- SureCloud is a cloud provider that fosters the notion of collaboration with tools designed to support this objective.
Ovum view
The role of GRC will, in Ovum’s opinion, become critical as organizations start to use more cloud-based services and mix these with in-house services. The role of GRC will be to ensure that organizations use the correct service for the correct reasons and do not put the company, or its data, at risk. SureCloud has developed a simple to use solution to help organizations implement GRC and then to ensure it becomes embedded in the operational activities.
RECOMMENDATIONS FOR ENTERPRISES
Why put SureCloud on your radar?
Today the need for organizations of any size to adopt good process and procedures surrounding GRC is well understood, but implementing such practices has been the Achilles heel. GRC has a reputation of being a difficult and complex solution to implement. SureCloud has developed a suite of programs that help move GRC from being considered a technical process to a more business-centric one, and as such elevate its importance to the corporate level.
To help organizations, SureCloud employs a number of different ways to simplify the adoption of GRC. First, it is a cloud-based solution that supports and derives value from collaboration techniques such as the ability for all an organization’s suppliers to access and complete compliance checks in one central location. This approach is particularly helpful from the perspective of an external auditor who can simply audit compliance instead of having to gather data before beginning the audit. Second, SureCloud is priced per person and not per module, making it accessible to SMB customers.
HIGHLIGHTS
Background
Established in 2006, SureCloud is a British company based in Reading, Berkshire. With annual growth of over 50%, SureCloud has more than 200 customers throughout the UK from the retail, financial services, and government sectors, including a large number of local authorities. SureCloud combines security point solutions (to assess and monitor networks, applications, and airwaves) with GRC process automation, a hybrid of GRC and information security point solution vendors, delivering real-time actionable intelligence.
SureCloud provides software-as-a-service (SaaS) solutions largely aimed at mid-market organizations with regulatory obligations, so that they can benefit from cost savings through automated information security management and simplification of the compliance process.
Current position
SureCloud Collaborative Compliance Platform is the total solution developed to help organizations adopt GRC and more importantly to embed it in the day-to-day operational activities. To make this more accessible, SureCloud offers it as a SaaS solution, which opens up the GRC toolset to mid-sized companies as well as large organizations.
The SureCloud solution suite is based on three main areas of GRC that, in Ovum’s opinion, simplify its adoption appeal.
First, it performs the assessment and monitoring activity needed to understand the current position within an organization. This is performed using automated technology to assess digital assets for vulnerabilities, configuration issues, weaknesses, and security breaches, which are then fed into the risk and compliance processes.
Second, it uses process automation technology to minimize human intervention, therefore reducing costs and increasing reliability. The process automation capability covers the main areas of interest for GRC: compliance management, risk management, vulnerability management, policy management, vendor management, and incident response.
Third, it provides tools so that external auditors can be confident that an organization is compliant by demonstrating and providing evidence that can be used to support any claim.
SureCloud is aiming to expand its customer base by adding more templated quick-start solutions for different compliance regulations in different industry sectors. Ovum considers the solution to be easy to use and to provide a good GRC solution for those that have little or no experience of GRC as a discipline.
DATA SHEET
Key facts
Table 1: Data sheet
Product name SureCloud Collaborative Compliance Platform Product classification GRC
Version number Major Release 5.0 Release date April 2012
Industries covered All Geographies covered UK
Relevant company sizes All Licensing options Annual Subscription
URL www.https://surecloud.com Route(s) to market Direct
Company headquarters Reading Number of employees Not disclosed
Source: Ovum
APPENDIX
“On the Radar”
“On the Radar” is part of Ovum’s series of research notes that highlights up-and-coming vendors that bring innovative ideas, products, or business models to their markets. Although “On the Radar” vendors are not always ready for prime time, they bear watching for their impact on markets and could be suitable for certain enterprise and public sector IT organizations.
Author
Roy Illsley, Principal Analyst, IT Software
Disclaimer
All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior permission of the publisher, Ovum (an Informa business).
The facts of this report are believed to be correct at the time of publication but cannot be guaranteed. Please note that the findings, conclusions, and recommendations that Ovum delivers will be based on information gathered in good faith from both primary and secondary sources, whose accuracy we are not always in a position to guarantee. As such Ovum can accept no liability whatever for actions taken based on any information that may subsequently prove to be incorrect.