So now everyone is an IT GRC vendor

As a marketeer for a technology company, you work really hard to tease out the key points of differentiation and attempt to coin a segment that defines your being. IT-GRC (short for Information Technology Governance, Risk & Compliance) is a term that started gaining momentum about a year ago. At that time Gartner, Forrester, EMA and other research analyst firms started using it to describe exactly what Securityworks does. Next thing you know customers are achieving tangible results from these solutions and the press begins writing articles about it.

Then, along comes tangential segments that do 20-30% of what we do...now all of a sudden they are "IT-GRC" vendors since it's the new "hot" term.

Well, after all that hard work I have to simply say I love the candid article from Alex Handy over at Systems Management News. A couple quotes that say it perfectly...


When Jonathan Penn, research director at Forrester, walked around April's RSA conference, he was appalled by what he saw. “The vendors are destroying what's a very useful approach by claiming for themselves. If you're not an ITGRC vendor, just shut up,” said Penn.

“ITGRC is an incredibly valuable approach to security,” said Penn. “What I like about it is it's a good way to structure what IT does. But it's much more a practice than a product. The tools that manage things at a high level, those are the ITGRC products.”


We completely agree. No single product can encompass IT-GRC. Our product is a good foundation but what's so very important is the people, process and technology that mold around our product. This includes the integration points with other security products into a unified view of your overall security program, not those product calling themselves IT-GRC.