EMC Makes Bold Move into ‘GRC’ Market With Archer Acquisition…But Is It the Last?

“we have a unifying story that we are actually taking to market in the next quarter.” It’s likely that the Archer acquisition is part of what he was talking about.

But there may be more as well. Interestingly, Coviello stressed in the interview that he felt many companies stop with the C in GRC—merely demonstrating compliance with the letter of financial regulations like the Sarbanes-Oxley Act of 2002 or data privacy regulations that will go into effect in Massachusetts this spring, without adopting processes with real teeth that will actually prevent problems.

“As much as everyone hates regulation, they will take the regulations and say, ‘Tick, tick, tick-I’m complying so I can ignore the governance and risk part,'” Coviello said then. “So that’s why you get people who pass the PCI [payment card industry] audits and then wonder why they have breaches of their credit-card databases. That doesn’t mean that the companies that focus on compliance and reporting aren’t helpful, but that ought to be the means by which you prove out what you’re doing on governance and risk.”

In light of those remarks, it’s reasonable to wonder whether the Archer acquisition is just part of an even larger GRC strategy at RSA and EMC. After all, the focus of Archer’s technology is on compliance and reporting. It’s really about helping customers visualize what IT-related security policies they have in place, for example, and documenting that they’re being followed.

“You can’t manage what you can’t see,” Coviello said in today’s acquisition announcement. Archer’s technology, he said, “not only offers the visibility into risk and compliance that customers need,” but it helps them “better manage their security programs and prove compliance across both physical and virtual infrastructures.”

So if, as Coviello says, compliance and reporting software are simply the means by which companies demonstrate that have responsible governance policies and risk management procedures in place, then there could be another chapter coming in the GRC story at EMC. The Archer deal could be the prelude, for example, to the introduction (or acquisition) of more technologies that help companies with the G and the R in GRC.

The financial terms of the Archer acquisition were not disclosed. EMC said that Archer will remain in Overland Park, a suburb of Kansas City.

Pages: Page 1, Page 2

Author: Wade Roush

Between 2007 and 2014, I was a staff editor for Xconomy in Boston and San Francisco. Since 2008 I've been writing a weekly opinion/review column called VOX: The Voice of Xperience. (From 2008 to 2013 the column was known as World Wide Wade.) I've been writing about science and technology professionally since 1994. Before joining Xconomy in 2007, I was a staff member at MIT’s Technology Review from 2001 to 2006, serving as senior editor, San Francisco bureau chief, and executive editor of TechnologyReview.com. Before that, I was the Boston bureau reporter for Science, managing editor of supercomputing publications at NASA Ames Research Center, and Web editor at e-book pioneer NuvoMedia. I have a B.A. in the history of science from Harvard College and a PhD in the history and social study of science and technology from MIT. I've published articles in Science, Technology Review, IEEE Spectrum, Encyclopaedia Brittanica, Technology and Culture, Alaska Airlines Magazine, and World Business, and I've been a guest of NPR, CNN, CNBC, NECN, WGBH and the PBS NewsHour. I'm a frequent conference participant and enjoy opportunities to moderate panel discussions and on-stage chats. My personal site: waderoush.com My social media coordinates: Twitter: @wroush Facebook: facebook.com/wade.roush LinkedIn: linkedin.com/in/waderoush Google+ : google.com/+WadeRoush YouTube: youtube.com/wroush1967 Flickr: flickr.com/photos/wroush/ Pinterest: pinterest.com/waderoush/