November 10, 2010
I'm proud to say that we published my report "Market Overview: GRC Platforms" earlier today.
It will come as little surprise to most of you that the overall GRC market is still saturated with relatively small vendors, many of which continue to struggle to maintain their market niches. At the same time, a handful of market leaders (notably BWise, IBM/OpenPages, MetricStream, RSA/Archer, and Thomson Reuters/Paisley) continue to distance themselves from the rest of the pack, while several large competitors (including Oracle, SAP, SAS, Software AG, and Wolters Kluwer) put more and more pressure on the market all the time.
It's been interesting to watch these vendors that competed head-to-head regularly for SOX compliance deals now drifting further apart . . . some focusing more on risk management and analytics, some strengthening their compliance and content offerings, some building deeper integration with IT systems, and others building bridges into audit departments. The current environment of increased government oversight and regulation — and in some cases, reform of whole industries — worldwide promises to bring a strong resurgence to the GRC platform market overall, which means increased competition both from veteran vendors and newcomers alike.
This resurgence is a welcome sign, and it will help many of these vendors justify significant advances in their product and services delivery. However, it cannot be sustained. If vendors continue chasing the latest regulatory changes or newsworthy risk concerns, their customers will likely fail to see the longer-term benefits of GRC programs: process improvements, risk and loss reductions, and support for more informed strategic decisions.
I will be putting together my report on GRC predictions for 2011 and welcome any input you may have on what your expectations are for next year. And as always, if you have any comments or questions about this most recent report, please feel free to drop me an email at firstname.lastname@example.org.