Time flies! With a month since RSA Charge in New Orleans, and many follow-up conversations with colleagues and customers, I found some time today to reflect on what we heard.
It was very encouraging from a “Governance, Risk and Compliance” perspective to see the noticeable growth in both attendees and exhibitors at the event. It clearly validates that GRC is really coming into its own, as arguably the most important part of a company’s cyber risk and security strategy. Furthermore, it validates what we are seeing in the North American marketplace: namely, the pressure on operational risk executives, information security officers, risk officers, CIO’s and other leaders to provide their management and boards a more understandable (accurate, aggregated and transparent) view of risk, so that they can make more informed and confident business decisions.
My take: RSA Archer’s user base is becoming more and more mature in their use of the platform and GRC programs, and they are asking questions that illustrate that, as an industry, we are getting better and better at helping to drive more value from the platform. Let me explain by covering two main points.
1. Advanced Reporting from Archer
The messages I heard at the sessions I was fortunate to attend were around the need for advanced reporting from Archer: things like enhanced visualization, better trending reports, more effective mobile rendering of reports, and so on. To me, this illustrates that organizations appreciate the value of the risk and compliance data that Archer is gathering. More importantly, their executives see this value, and therefore are pushing for more access to this information, in a more meaningful way.
A great proof point was in our information session with EMC. (Thanks to Phil Aldrich for participating and discussing his team’s work with us on proving out our solution to this challenge.) The session was full, with 200+ people keen to understand how Archer data can be accessed by a business intelligence developer, in order to build advanced reports, along with the along with Archer’s permissions model, so that the organization has confidence that access security is still in place.
Our meetings at RSA Charge have led to some real momentum in this area. We have worked with both RSA and several new clients to evolve our reporting solution, including how to support hosted Archer clients. The conversations validated how strategic Archer is becoming for clients who are leveraging the solution to be the enterprise risk platform that it can be.
2. Business Context
A key conversation point at sessions, roundtables and our booth was the need to improve the ability to translate Archer data into something more understandable for business executives. Again, this is evidence of the increased strategic nature of Archer for clients.
I participated in the ERM roundtable discussion, and the passion of the attendees around Archer’s abilities to help their organizations with ERM was so evident. They just wanted to understand how to get more business context into their reports.
We believe that a properly implemented Archer use case should ensure that the platform is acting as a translation layer between IT and the business. But again, clients were looking for more. We heard that they are looking for better ways to integrate other data sources, mapped them into the Archer data store, in order to add the required context for the business.
Our Senior Cyber Risk Consultant, David White, spoke on this topic as it relates to Archer’s ability to better understand cyber risk posture. David only had a short 12-minute slot to present on this, but his message was well received: You have to elevate your cyber security messaging to cyber risk messaging. Archer’s ability to enhance the cyber security message with business context changes the whole conversation from an IT discussion to a business discussion, driving significant business benefits.
David has already proved this as an Archer customer himself at a large digital bank. I learned a lot more, just listening to the Q&A session at the end of his presentation. Again, this validates for me how strategic Archer can be for companies, and more importantly, how much firms are eager to “get there”. It was very exciting to hear how passionate the Archer user community is around their desire to better leverage Archer. They are under increased pressure to confidently explain to their management where they are most exposed to cyber risk, and what controls are in place today, so that the organization can more effectively allocate protection funding.
I would welcome your feedback and questions on these two topics at firstname.lastname@example.org. I would also welcome your thoughts on what resonated for you from the event. In the meantime, thanks to all those who allocated some of their time at RSA Charge to visit us, and engage in some great dialogue.
Happy Thanksgiving to all in the US today!