RealTime IT News

Brabeion's 'GRC as a Service' Targets Compliance

Brabeion is the latest vendor to offer a solution to corporations looking for relief from the burden of regulatory compliance. In Brabeion's case, its governance, risk and compliance (GRC) solution comes in Software as a Service (SaaS) form.

Brabeion On Demand, released today, is designed for enterprises that want to jump-start their GRC efforts. This lets enterprises set and establish policies, and measure how and how well those policies are implemented.

"GRC, in essence, is a continuum for setting rules and policies, ensuring they meet regulatory and business requirements, then measure how well the rules are implemented against those requirements, " Brabeion co-founder Steve Schlarman told Internetnews.com.

"Our offering enables a company to build the continuum."

Brabeion On Demand has a knowledge base with content from consultancy PriceWaterhouse and other experts that enterprises can leverage. Brabeion's tool then measures operations against the requirements and puts controls in place.

Implementing a GRC infrastructure is expensive. IDC analyst Doug Chandler forecast that worldwide revenues for just one technology required, storage services, would grow from $31.7 billion in 2007 to $39.9 billion by 2012.

Brabeion On Demand will "help organizations jump-start the program," Schlarman said. "We help leapfrog companies into the full GRC infrastructure without their having to build or implement it."

There are lots of other companies offering GRC in SaaS mode in the market. Forrester analyst Michael Rasmussen said in an article in Risk Management Magazine that one-third of GRC purchasers are using SaaS vendors.

SaaS is no panacea

That having been said, enterprises have to consider whether or not SaaS is a suitable option for their GRC solution, Brian Cleary, vice president of marketing at GRC products vendor Aveksa told InternetNews.com.

"If the business value of whatever application, data or business process you're outsourcing is low and your business objective is to increase operational efficiency and reduce expense, SaaS may make sense for you," he added. (Aveksa offers a line of on-premises GRC software, not SaaS).

Hence, Web conferencing and customer relationship management (CRM) are areas where SaaS is highly effective. "SaaS needs to have a self-contained model like Salesforce.com and WebEx," Cleary explained.

However, high-risk applications such as bank treasury and settlement applications, are not suitable for SaaS. This is because "they're too risky from the security perspective. They have too much value to the business, and the value that business derives from being able to tightly control that application and the data and the processes they support is too high," Cleary explained.

SaaS won't be effective where the GRC application monitors a lot of systems, either. "The more interconnectivity you need throughout the enterprise, the lower the value of SaaS," Cleary said. "With GRC you need that interconnectivity."