Quadrant Knowledge Solutions’ recent analysis of the global GRC platform market provides strategic information to help technology vendors formulate their growth strategies and to help users evaluate different vendors’ capabilities, competitive differentiation, and market position. The research includes an in-depth analysis of major GRC Platform vendors, evaluating their platform capabilities, market presence, and overall value proposition. The evaluation is based on primary research with expert interviews, analysis of use cases, and Quadrant’s internal analysis of the overall GRC platforms market.
This study includes analysis of key GRC vendors including Enablon, IBM, LockPath, LogicManager, MetricStream, Nasdaq BWise, Navex Global, Resolver, RSA Archer, Rsam, SAI Global, SAP, ServiceNow, and Thomson Reuters. Each of these vendors has comprehensive product offerings, strong value propositions to support a diverse range of GRC use cases, and market & technology strategies to support future market needs.
Market Dynamics and Trends
GRC platforms market is expected to grow significantly during 2018-2023
Globally, the GRC platforms market is growing rapidly. The market growth is primarily driven by ever-growing complexities of regulatory compliance, increasing concern for privacy and intellectual property protection, growing internal and external threat landscape, and cybersecurity concerns. Users are increasingly viewing GRC solutions as a strategic investment and an enabler for ensuring business practices, operating models, and corporate behaviors are socially accepted by employees, partners, stakeholders, and the public at large.
GRC software enables organizations to integrate and manage processes and data to effectively meet company objectives related to governance, risk, and compliance management. All major integrated GRC platform vendors provide key GRC functionalities, including enterprise risk management, compliance management, audit management, vendor risk management, business continuity management, IT governance & security, and risk analytics, reporting, and visualization, among others.
The following are the key research findings of Quadrant’s GRC platforms research:
- The GRC platforms market is expected to grow significantly in the next five to six years, from a market size of $5.10 billion in 2018 to over $14.79 billion by 2023. The global GRC platforms market is expected to grow at a compound annual growth rate (CAGR) of 19.6% during the forecast period of 2018 to 2023.
- Though the GRC market is primarily dominated by on-premise deployments, the market is rapidly moving towards cloud-based deployment. By the year 2021, SaaS-based GRC deployment is expected to be the primary market contributor, capturing over half of all GRC deployments. By the year 2023, SaaS-based GRC is expected to contribute 59.6% of the total market compared to 40.4% for on-premise deployment. The majority of large organizations are adopting a hybrid approach to get the benefits of rapid scaling while safeguarding their processes and applications against major disruptions. Users may move the majority of their applications to the public cloud and most of their business-critical applications to the private cloud, depending on factors including the scalability and responsiveness of the applications.
- The majority of the popular GRC platforms include the core functionalities of enterprise risk management, compliance management, IT governance, audit, and security management. Some of the key competitive and technology differentiators include breadth of GRC platform capabilities, ease of deployment & use, ease of creating and changing workflows, content management, and sophistication of analytics & reporting.
- Automation is emerging as the most prominent trend in the overall information security and risk management technology market. Users are increasingly looking at automation solutions not only to manage routine financial and accounting processes but also to manage financial controls against fraud, abuse, and errors. Automation in risk and compliance management processes, including continuous monitoring of all processes and workflows and updating of industry standards and regulatory content, among others, can help organizations improve productivity and optimize human involvement while ensuring regulatory compliance and the integrity of financial processes.
- Integrated GRC vendors are embracing artificial intelligence (AI) and machine learning technologies to help organizations understand and anticipate risks in various enterprise, business, and financial processes. With AI application in security and risk management, organizations can soon detect emerging external threats, such as new malware, with the help of robust machine learning and AI-based algorithms. AI-based algorithms can also help in discovering internal risks based on employees’ actions and behavior patterns. The vision is to deploy a self-governance model for automatic risk identification and assessment, risk prioritization, and self-remediation based on advanced AI and machine learning capabilities.
Competition Landscape Analysis of the Global GRC Platforms Market
Rsam is Recognized as 2018 Technology Leader in the Global Market
Quadrant Knowledge Solutions conducted an in-depth analysis of the major GRC Platform vendors by evaluating their product portfolio, market presence, and value proposition. The evaluation is based on primary research with expert interviews, analysis of use cases, and Quadrant’s internal analysis of the overall GRC Platforms market. Quadrant’s competitive landscape analysis compares vendors’ technological capabilities in providing GRC solutions in terms of technology excellence and customer impact. Performance in technology excellence is measured by parameters including sophistication of technology, technology application diversity, scalability, competitive differentiation, and industry impact. Customer impact includes parameters such as addressing unmet needs, product performance, proven records, ease of deployment, and customer service excellence. According to research findings, Rsam, with its comprehensive, integrated GRC platform, is positioned amongst the 2018 technology leaders in the global GRC platforms market.
Founded in 2003, Rsam is amongst the top three technology leaders of the global GRC platforms market. Rsam offers an integrated and configurable GRC platform with an adaptive framework suitable for a wide range of GRC applications, industry-specific solutions, and compliance requirements. The company offers a variety of modules to support a wide range of use cases related to GRC and security operations management.
Rsam Capabilities in the Global GRC Platforms Market
Rsam has organized its modules into three go-to-market portfolios: GRC, Security Operations, and Vendor Risk Management (VRM) solutions. Rsam is well recognized amongst its customers for its easy-to-use technology framework, fast implementations, and ability to support diverse use cases and industry-specific applications.
- GRC Solutions: Rsam offers a full suite of integrated GRC solutions with modules including audit management, business continuity, continuous control testing, enterprise risk management, exception management, financial controls management, GDPR, incident management, NIST CSF, policy management, risk and compliance management, and regulatory change management. The company uses a relational architecture and connected data model to facilitate dependencies and relationships within and between modules. The Rsam GRC solution is well known for its flexible and scalable architecture. It enables customers to use out-of-the-box configurations for rapid implementations as well as create their own custom solutions through its user-friendly and intuitive drag-and-drop configurability. Rsam invests nearly 30% of its revenue in R&D and offers a comprehensive GRC framework with capabilities including a sophisticated data architecture, workflow automation, advanced business rules, content management for a variety of compliance initiatives, detailed reporting and analytics, and impressive technology integration capabilities, which include Rsam’s universal connector, native API, and the ability to integrate with other application APIs.
- Security Operations Analytics and Reporting (SOAR) Solution: Rsam’s SOAR solution includes threat management, vulnerability management, and security incident response modules. Rsam’s security incident response platform (SIRP) simplifies threat monitoring and accelerates its resolution. It provides incident detection and threat intelligence capabilities using API connectors and Email Listener. With its dynamic workflow, users can replicate any existing incident management process and make changes as the process evolves. Event and playbook rules enhance efficiency and provide guidance over the remediation process. Users can also correlate related incidents over an extended period in the SIRP platform. Rsam’s Vulnerability Management module helps in consolidating large volumes of risk data from multiple security tools to simplify risk assessment, and in automating the remediation process and workflows to ensure compliance with regulations and policies. The module, with risk-based workflows, supports alerts for assigned tasks, email notifications, and escalation based on defined criteria. It also enables users to develop and prioritize remediation activities, record action plans, set target dates, and keep track of progress with timely reports.
- Vendor Risk Management (VRM): Rsam’s VRM solutions include the Vendor Risk Management module and third-party integrations for cybersecurity and financial ratings. Rsam uses a relational data model to centrally record and organize risk management data for a complete 360-degree vendor view. It provides strategic insights into individual or relative vendor risks via a library of reports and dashboards. The solution enables users to manage and report on vendor on-boarding, classification, compliance assessments, findings remediation, vendor contracts, SLAs, and performance metrics. Rsam’s VRM solution also provides third-party integration for security and cybersecurity ratings to support criticality assessments and/or influence risk score calculations. Rsam is gaining increasing traction amongst users for its VRM solution for third-party vendor risk analysis and management. Rsam’s VRM solution, with its intuitive workflow, helps organizations with categorization, assessment, monitoring, issue tracking, notification, remediation, and reporting.
- Competitive Differentiation: The Rsam platform is designed for business users and supports easy configuration of its data architecture, automation, business rules, reporting, and integration with no custom coding requirements. Rsam’s technology differentiation can be attributed to its sophisticated data model and the platform’s adaptability and performance. Rsam’s data model is based on a relational data structure. It integrates information about risk assessments, assets, threats, and vulnerabilities from disparate sources into an easy-to-use object-oriented risk framework. This enables organizations to track all risk management, controls, and remediation activities in a single centralized framework. The Rsam platform is designed to be adaptable and can be configured to address rapidly changing business requirements without coding. The Rsam platform is suitable for handling large data volumes and processing records as per business requirements while maintaining high performance levels. Unlike traditional GRC solutions, Rsam offers quick implementations and quick time to value. Users can start with their baseline configuration, focusing on the most critical use case, and add modules later based on growing business requirements.
The Last Word
GRC solutions are often associated with long implementation and extended time to value. Traditionally, GRC initiatives in organizations have been fragmented, addressed by different departments with domain-specific point solutions for specific applications. Organizations are increasingly facing challenges due to the growing complexity of regulatory requirements and increasing concerns about data breaches, financial risks, reputational risks, and compliance violations. The siloed approach to risk and compliance management is no longer effective in the present scenario. Users are increasingly adopting an integrated GRC platform to protect corporate integrity, improve compliance, enhance brand value, and improve business performance with a well-designed GRC program.
Rsam, with its integrated and configurable GRC platform, is well recognized for its flexible technology architecture, adaptability, quick implementation and time to value. The company has been able to compete successfully in the large enterprise customer segments and drive significant revenue growth in recent years. Driven by its comprehensive GRC platform capability and strong customer value, Rsam is positioned amongst the top three technology leaders in the global GRC platforms market.
Knowledge Brief – Rsam, 2018 GRC Platforms Market