EMC Makes Bold Move into ‘GRC’ Market With Archer Acquisition…But Is It the Last?

Wade Roush1/5/10Comments (1)Follow @wroush

Share

Order a Reprint E-mail this Story

• Tweet

(Page 2 of 2)

“we have a unifying story that we are actually taking to market in the next quarter.” It’s likely that the Archer acquisition is part of what he was talking about.

But there may be more as well. Interestingly, Coviello stressed in the interview that he felt many companies stop with the C in GRC—merely demonstrating compliance with the letter of financial regulations like the Sarbanes-Oxley Act of 2002 or data privacy regulations that will go into effect in Massachusetts this spring, without adopting processes with real teeth that will actually prevent problems.

“As much as everyone hates regulation, they will take the regulations and say, ‘Tick, tick, tick-I’m complying so I can ignore the governance and risk part,’” Coviello said then. “So that’s why you get people who pass the PCI [payment card industry] audits and then wonder why they have breaches of their credit-card databases. That doesn’t mean that the companies that focus on compliance and reporting aren’t helpful, but that ought to be the means by which you prove out what you’re doing on governance and risk.”

In light of those remarks, it’s reasonable to wonder whether the Archer acquisition is just part of an even larger GRC strategy at RSA and EMC. After all, the focus of Archer’s technology is on compliance and reporting. It’s really about helping customers visualize what IT-related security policies they have in place, for example, and documenting that they’re being followed.

“You can’t manage what you can’t see,” Coviello said in today’s acquisition announcement. Archer’s technology, he said, “not only offers the visibility into risk and compliance that customers need,” but it helps them “better manage their security programs and prove compliance across both physical and virtual infrastructures.”

So if, as Coviello says, compliance and reporting software are simply the means by which companies demonstrate that have responsible governance policies and risk management procedures in place, then there could be another chapter coming in the GRC story at EMC. The Archer deal could be the prelude, for example, to the introduction (or acquisition) of more technologies that help companies with the G and the R in GRC.

The financial terms of the Archer acquisition were not disclosed. EMC said that Archer will remain in Overland Park, a suburb of Kansas City.

Wade Roush is Xconomy's chief correspondent and editor of Xconomy San Francisco. You can e-mail him at wroush@xconomy.com or follow him on Twitter at twitter.com/wroush.