The latest acquisition of Archer Technologies fills a gap in EMCs solution ecosystem with a best-in-class GRC software platform. With the Archer acquisition, and the development of an integration layer across EMC products, EMC creates the opportunity to speak more definitively about its capability to provide GRC solutions for core IT assets and operations and across the enterprise. The acquisition also provides a competitive play for EMC against other infrastructure technology providers including Oracle, with its GRC Manager, Microsoft with GRC Solution Accelerators and Sharepoint, CA, with its own GRC Manager, and others interested in their piece of the still-developing GRC marketplace.
This is the third recent announcement by EMC in the arena of risk and compliance. Others include Kazeon, for e-discovery and the formation of SourceOne, and DataDomain, for source and destination data reduction. The Archer SmartSuite and technologies from the RSA Security Division extend EMC’s solutions portfolio with the promise of automating GRC operations across both traditional and virtualized computing environments. Archer brings to EMC the following capabilities, some which have already established a level of integration with EMC products in customer environments:
- Policy Management – a policy engine, to map to objectives and guidelines and regulations
- Risk Management – a risk database to perform and document assessments and metrics
- Compliance, Audit, and Business Continuity Management – to document controls, do audit planning, document testing procedures, and execute BC/DR procedures
- Enterprise Management – to describe relationships and dependencies between business process and technology, risks, and controls
- Vendor Management – to manage controls and compliance of third-party service providers
- Threat Management – to track threats through early warning
Where’s the Value
It’s all about GRC, but not necessarily about the product. Archer fills in a GRC product gap in the EMC product suite, as did Kazeon. And with regulatory and policy compliance, internal controls, and security top-of-mind in firms of all sizes heading into 2010, having a tried-and-true GRC software and delivery asset in the bank is a big plus. With this acquisition, customers can now go to EMC for a more complete set of information governance solutions, including storage, data protection, security, infrastructure management, and virtual computing. Clear GRC value, right?
Integration is the Real Value, the Real Story
The real value EMC generates for customers through this acquisition – the integration value – is significant, but less clear right now. The Archer platform is already all about information integration, configuration management, and data connectors. Integration across heterogeneous technologies is a big part of the Archer model and strategy, delivered by a set of internal GRC consultants and integrators including Accenture and other. So while the Archer acquisition brings to EMC customers a new set of tools, it also adds to the growing enterprise integration challenge and related risks and complexities.
And beyond security integration, including connections to RSA DLP, enVision, SecurID products, there’s a much broader and important integration strategy for EMC to tell and leverage. What integration is planned or needed across EMC products and this new risk management capability – storage, management, data protection, cloud – and what value will customers place on the integration, for example between the Archer policy engine and EMC Ionix, or VMware vSphere for managing private cloud and VCE provided services, or Atmos for directing storage location and performance, or DataDomain for de-dupe and archive?
Keep your Eye on the Beacon
Integration value is the big undercurrent story to the Archer acquisition. An integration layer, code named “Beacon” and announced today by EMC and RSA, appears to be the platform for making this level a integration a reality and delivering policy, risk and event management integration value to the customer.