What a good way to kick off what should be another exciting year in GRC. Just less than a year ago, Archer Technologies brought consolidation to the IT GRC market with its acquisition of rival Brabeion. The vendor food chain continued today as EMC announced an agreement to acquire Archer into its RSA product division.

Details such as product integration and go-to-market strategy will trickle out slowly of course, but so far, this is a significant deal for a couple of reasons:

  • Archer fills a substantial void in EMC’s product offering, which included many elements of GRC, but no central platform to pull it all together.
  • EMC will introduce the Archer products to a much larger set of potential customers…most notably as a platform to manage security and compliance, but also to customers with requirements for related areas like vendor management or business continuity.
  • It brings another IT heavy-weight fully into the GRC space, with substantial engineering resources to work on product development (but only if Archer continues to be seen as a top priority within RSA).

As we watch this acquisition come together, as well as other upcoming announcements that will make the GRC space even more competitive, here are a few questions to consider:

  • Can EMC build on Archer’s emergence from IT GRC into other areas of the business through EMC consulting or other product lines, or will Archer’s place within the RSA division keep the development and marketing efforts focused on IT security and risk?
  • Will other large IT vendors or niche GRC providers be pressured by this announcement into solidifying deals of their own, or will they continue their wait-and-see approach to the market?
  • How will this announcement shift the direction of GRC implementations, which are currently being pulled in opposite directions — into the business realm through dashboards and content delivery or into the IT realm through infrastructure and integration?

Stay tuned