tiero - Fotolia

News

2015 might be a big year for these GRC technologies

This could be a big year for GRC technologies. #GRCChat-ters predict which tools and processes will continue their upward trend in 2015 and which will wane.

Brian Holak, Site Editor

Published: 19 Jan 2015

Governance, risk and compliance (GRC) technologies are constantly in flux, making it tough to predict which innovations and strategies will rise and fall in the coming months or years -- but that doesn't stop IT experts from taking their best shot at it.

During the 2014 Gartner Symposium/ITxpo, Gartner Research Inc. released its list of the top 10 strategic technology trends for 2015. In the list, Gartner predicted that analytics will take center stage this year as more data is generated and analyzed, while "risk-based security and self-protection" will flourish due to increased security awareness and improved risk assessment tools.

What GRC technologies do you think will rise and fall in 2015? In the latest #GRCChat, SearchCompliance editors and followers shared which tools they think will gain more widespread usage in 2015 and which will fade into obscurity.

As mandates and IT threats evolve, compliance and risk management processes can be a significant burden on company resources. As discussed in a previous #GRCChat, automation can save money and time, as well as reduce data management errors. Making the switch to an automated compliance process can also change the nature of GRC jobs and skill sets, which is an important factor in automation's evolution.

According to SearchCompliance editors Rachel Lebeaux and Benjamin Cole, we may be seeing a lot more automated GRC technologies and processes in the workplace in 2015:

@ITCompliance A4 I think more #automation around #GRC is a given in 2015 and beyond, but human review still necessary component. #GRCChat
— RachelTT (@RachelatTT) December 18, 2014

A4 More automated GRC processes too- GRC data management is complicated with many redundancies- can consolidate via automation #GRCchat
— Ben Cole (@BenjaminCole11) December 18, 2014

Cole also senses more cloud concerns and privacy-related compliance regulations are in store for 2015, which align with an increased focus on security:

A4 Businesses may become more wary about cloud use due to security concerns, unless providers start to address them #GRCchat
— Ben Cole (@BenjaminCole11) December 18, 2014

A4 Privacy will also continue to be a huge issue, especially as breaches cont and more Privacy-related comp regs pop up #GRCchat
— Ben Cole (@BenjaminCole11) December 18, 2014

Another technology of interest to our #GRCChat-ters is a honeypot, a computer system designed to "trap" anybody who attempts to breach another computer system. With security on everyone's mind in the wake of several high-profile breaches, more companies are feeling pressure to adopt a more active cyberdefense strategy to protect their data -- making honeypots an increasingly more attractive option. However, honeypots aren't without their share of dangers, making their future in the enterprise somewhat uncertain.

Nicole Laskowski, SearchCIO's senior news writer, inquired whether honeypots would stick in 2015, triggering this unanimous response:

What about honeypots? Will they go or will they stay in 2015? #GRCchat
— Nicole Laskowski (@TT_Nicole) December 18, 2014

. @TT_Nicole if honeypots work in keeping out hackers, they will definitely stay- biz needs all the data security help they can get #GRCChat
— Ben Cole (@BenjaminCole11) December 18, 2014

@TT_Nicole i think they'll stay as more co.s pursue offensive security tactics, bc more desperate as threats grow more advanced #grcchat
— Fran Sales (@Fran_S_TT) December 18, 2014

Big data analytics has a role to play in GRC activities as well. It requires well-planned analytical processes and people with the talent and skills needed to leverage the technologies, but -- if done correctly -- the payoff is often worth the extensive preparation. "Analytics will become deeply, but invisibly embedded everywhere," said David Cearley, a Gartner vice president and fellow, at a recent conference.

#GRCChat participants predicted a notable rise in big data analytics for GRC in 2015, especially in regards to predictive analysis and security management:

A4 As mentioned more use of big data analytics for GRC- rather than being overburdened with info use it to advantage if poss #GRCChat
— Ben Cole (@BenjaminCole11) December 18, 2014

A4 #BigData analytics for #security *and* systems mgmt e.g., @RedLambda @Splunk etc. More bang per buck #grcchat
— knowlengr (@knowlengr) December 18, 2014

A4 I expect predictive analytics, especially for fraud detection, will continue to gain prominence in 2015. #GRCchat
— Nicole Laskowski (@TT_Nicole) December 18, 2014

A4: Better analytics and more predictive response to events. #grcchat
— Forvalaka41 (@Forvalaka41) December 18, 2014

What GRC technologies do you think will rise and fall in 2015? Sound off in the comments section below.

Next Steps

For more from this end-of-year #GRCChat, check out participants' biggest GRC regrets of 2014, as well as their top GRC resolutions and predictions for 2015. Then head over to SearchCIO for more of Gartner's top 10 strategic technology trends for 2015. And don't forget to check out SearchCompliance's 2016 list of GRC events for IT leaders.

Dig Deeper on Managing governance and compliance

Wearables in the workplace strain existing GRC policies Have you considered the GRC implications of wearables in the workplace? In this #GRCChat recap, participants consider the impact of wearables on established policies and how businesses can ensure data security and privacy.

GRC 2015: What do you hope to achieve this year? A new year means a fresh start. In this #GRCChat recap, participants assess their current IT challenges and share their GRC 2015 resolutions.

What were your top IT GRC regrets from 2014? Information security is moving up the priority list at many organizations. In this #GRCChat recap, participants look back at 2014 to discuss their top IT GRC regrets.

Active defense: The perils of cybervigilantism Legally ambiguous active defense strategies are risky -- and costly -- for businesses, but could the benefits outweigh the drawbacks? In this #CIOChat recap, participants highlight the hazards of hacking back.

How to build on PCI DSS regulations and confront mobile payment apps Compliance with PCI DSS regulations is only the start of a sound security strategy. In this #GRCChat, participants discuss additional measures to protect data and the complexities around mobile payment applications.

Is meeting PCI DSS standards enough to protect customer data? In the wake of several high-profile data breaches, #GRCchat participants discuss whether meeting PCI DSS standards is an effective step toward better customer data protection.

Brian Holak asks:

Which GRC technologies are you investing in this year?

Join the Discussion

Join the conversation

3 comments

Send me notifications when other members comment.

Oldest

[-]

Brian Holak - 19 Jan 2015 1:01 PM

Which GRC technologies are you investing in this year?

mcorum - 21 Jan 2015 11:21 AM

We’ve been slowly implementing different modules of ServiceNow, including Change, Release, Configuration, Problem, and Incident Management. Our plans are to invest in the implementation of the IT GRC module this year to allow us better align the different process areas and pull them into a coherent whole.

Ben Cole - 22 Jan 2015 2:00 PM

Yes mcorum I have been hearing about that strategy a lot lately- combining the use of several tools/technologies to ensure top down, organization wide GRC. I still don't think there is any one tool/tech out there that will fill every organization's GRC needs because every company's needs and capabilities will be unique.

2015 might be a big year for these GRC technologies