On the heels of the publication of our Cool Vendors in Risk Management report, I am now beginning to see the dawn of a new era in governance, risk and compliance (GRC) technologies that undoubtedly will disrupt the current marketplace. This new era is centered on the evolving digital business transformation initiatives that are taking hold in many companies around the globe. According to our recently published 2015 CEO Survey, 77% of CEOs believe that digital business is bringing new types and levels of risk. At the same time, 65% of CEOs see their risk management disciplines falling behind.
This is no surprise since our clients have been asking questions such as the following:
- How do these new digital risks impact the company’s ability to achieve its strategic business outcomes?
- In what ways can these new digital risks be quantified to adequately prepare and anticipate a negative business outcome?
- How can the company evaluate the level of risk assumed by implementing digital solutions supported by cloud service providers?
As a result, a new ecosystem of GRC software applications is set to explode. This set of software applications will be known as “Digital GRC” and will facilitate the management of GRC activities associated with digital business components such as cloud, mobile, social, big data and the internet of things (IoT).
Much like traditional GRC software offerings, these new technologies will allow for the integration of IT risk sub-systems to provide a “command and control” capability across the wide array of digital assets (see graphic below). In addition, Digital GRC will aggregate risk profile data to enable risk-based decision making and prioritization of risk management resources to create an agile and resilient enterprise.
I will be presenting more on Digital GRC and other related topics at our upcoming Gartner Security and Risk Management Summit in Washington, DC. Hope to see you there!
Category: cyber-security data-and-analytics-strategies digital-risk information-technology it-risk-management operational-risk-management risk-management security-of-applications-and-data technology-and-emerging-trends
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.