
January 04, 2010


Bill Ender

Chuck, in general, I agree with your thinking regarding GRC; in particular, your definition of the GRC components is among the most concise I've encountered ("GRC Thinking From An IT Perspective," January 15, 2009) -- kudos to you for that.

But I'm not entirely aligned with you on the relationship of a GRC framework to the reluctance of large enterprise IT users to migrate to cloud computing. I submit that if you "ask any 10 large enterprise IT users as to why they won't use external service providers (e.g. cloud)," their primary concerns are security of their information -- a given -- and *integration* with their internal/legacy processes.

Any number of individual applications, processes, and component suites (e.g. ERP, CRM, etc.) can be and have been successfully replicated in external "managed services" models over the past 10+ years. But many large enterprises have invested an incredible amount of time, effort, and resources in "hooking things together" to serve their particular business needs. *That's* the stuff that's daunting when it comes to considering migrating to cloud computing -- i.e., how to unwind (or even understand) the years of "spaghetti code" and middleware connections that have been built up over time.

That said, do *I* think that EMC/RSA's acquisition of Archer makes sense? ABSOLUTELY! I've known Jon Darbyshire and his team for many years and led the implementation of Archer's framework for one of their earliest, largest, and longest customers. I, personally, encouraged Archer several years ago to expand from its earlier Information Security-centric model and incorporate GRC functions, because it was obvious that the outstanding work they had done with Policy Management, Risk Assessment, and other modules and their role-based access controls could be applied effectively to other operational risk domains (Vendor Management, BCP, etc.). And, in my view, Archer's Compliance Management and Audit Management modules are a master stroke of genius that puts them in a category by themselves as a GRC suite. Having the Archer product in your toolkit along with EMC/RSA's other products I see as a significant advantage -- both for you and for Archer's existing and future customers (for whom it effectively deflates the "but they're such a small company" argument). The most exciting element of this acquisition to me will be watching how the Archer platform becomes integrated with some of the other EMC/RSA apps. If you're ever in need of an experienced and forward-thinking Archer evangelist, give me a shout.

Chuck Hollis

Hi Bill -- good to hear from you!

We're both right -- there's plenty of interrelated spaghetti in most IT environments, and simply carving off free-standing pieces may not be practical, nor interesting for many.

However, as a counterexample, consider Microsoft Exchange -- not usually the case that it's as interwoven as many apps, so the "security, SLA, compliance" concerns get more play.

A similar rationale often comes into play when discussing self-service computing environments for knowledge workers. That stuff ain't entangled too much, so you get the red herring.

Glad to know that you're a big fan of Archer, and see the rationale of the deal. And, if you'd like to consider maybe exploring opportunities at EMC, well, we could talk about that!

Thanks so much for the detailed and thoughtful comment!

-- Chuck


Just kicking off an analysis looking at some related tools, so I have pinged your AR folks about a demo and briefing. We nailed Compliance Oriented Architecture as a model in 2004, so it's great to see this stuff coming to pass. Looks like a good acquisition....


James Governor, RedMonk aka @monkchips


Chuck Hollis

  • Chuck Hollis
    SVP, Oracle Converged Infrastructure Systems

    Chuck now works for Oracle, and is now deeply embroiled in IT infrastructure.

    Previously, he was with VMware for 2 years, and EMC for 18 years before that, most of them great.

    He enjoys speaking to customer and industry audiences about a variety of technology topics, and -- of course -- enjoys blogging.

    Chuck lives in Vero Beach, FL with his wife and four dogs when he's not traveling. In his spare time, Chuck is working on his second career as an aging rock musician.

    Warning: do not ever buy him a drink when there is a piano nearby.

    Note: these are my personal views, and aren't reviewed or approved by my employer.