Will Oracle, SAP and Microsoft Rule the Information Security Management Waves?
I spend a lot of time in listening mode. Some people may not think I am in listening mode as my mouth is usually always moving; but I am. I have a set of people I use as sounding boards. Some know it and others don’t. They are from a broad spectrum of geographies, backgrounds, companies, industries and career levels.
A decade ago I used to spend time arguing that information security should ditch security functions like administering SecurID tokens and password resets. Many people disagreed. Today I smugly sit here knowing that few security departments do basic IT management.
Today I still argue from the same corner. Information security risk should be considered alongside operational risk, and IT security is just another IT governance function and should be integrated into overall Governance, Risk and Compliance programs.
Today there are several vendors coming through with information security management software: Agiliance, Archer, ControlPath and several others. These products are VERY different from what we are building at SourceClear, but it’s clear the market is heating up to pragmatic security solutions solving the real problems companies are facing today. This is great news. Compliance is a great buzzword and I still don’t understand its contextual meaning most of the time. Further still, compliance and governance are very different beasts in the same way security and risk are different. I may be an open book but do still plan to spring some major surprises in 2008 when we finally get to release, so enough of that for now!
My sounding boards are now starting to perk up when I ask if they have heard of GRC platforms or if their companies are planning to implement them. Oracle and SAP have them already (here and here) and MSFT have all the components and cash in the bank to build one (that, like MOM, will likely only work well in an MSFT-only shop).
In the big picture, information security management may not be a big enough revenue stream yet to be interesting to the likes of Oracle, SAP and Microsoft... but it will.
So will Oracle, SAP and Microsoft rule the information security management waves with their GRC platforms?
Author Disclosure: I have a horse training for this race!