The simple fact that there is an IT governance, risk and compliance market, spawning start-up companies like Agiliance, underscores both the growing maturity of IT and IT security and the business and regulatory pressures that are compelling companies to be accountable for their operations.
Agiliance, just over two years old, announced the acquisition of Phulaxis, and incorporated its technology as the Controls Automation module for its Agiliance IT-GRC 3.0 product. The module provides automated user access controls for identity management systems, middleware, databases and applications.
Governance, risk and compliance have generally been scattered in silos throughout large organizations, even those in sectors like financial services, which have matured governance and risk models and a long history of regulatory control. IT operations have become far more complex, and extend to global partners and customers, many of them demanding evidence of strong controls. SOX and PCI-DSS have brought have forced companies to ride herd on their operations as never before.
The real value of IT GRC tools like Agiliance’s and others is to bring unify processes that are scattered in business silos, and automate, to some degree, the costly, resource-intensive operations required to meet internal and external requirements.
The acquisition of Phulaxis adds an important piece—the identity management aspect of compliance, particularly for SOX 404. Monitoring, auditing and, as needed, addressing abuses of user access privilege is an increasingly important part of IT governance and compliance that reaches across many segments of the IT security market, from GRC to SIEM to NAC.
– Neil Roiter