This article can also be found in the Premium Editorial Download "Information Security magazine: Security Readers' Choice Awards 2008."
DLP, Database Security and Risk and Policy Management
Risk and Policy Management
Not long ago, notions like policy compliance, risk management and governance were not generally well understood in the context of information security. That's changing, thanks to debacles like Enron and WorldCom, data breaches and the maturation of information security as a function of business.
This is not an easy market category to define. Configuration/change management vendors like Configuresoft, Ecora and Tripwire gather information from diverse systems and automate workflows and reporting for operational use and compliance.
At a higher level, IT governance, risk and compliance (GRC) tools operate as control centers for all forms of information, whether gathered directly from systems, from other security/compliance tools (VA scanners, database monitoring, SIMs, etc.) or through questionnaires and reports generated by managers. Symantec, Archer Technologies, Brabeion, Agiliance, Modulo, Polivec and others fall generally into this category.
In its MarketScope for IT GRC, Gartner estimated software license revenue at $73 million in 2007 and predicts a 70 percent increase this year.
This was first published in April 2008