Alignment and the rise of the Configurable Platform
Posted by Clinton Kabler on Friday, May 15, 2009 4:06 PM
More than ever, organizations require enterprise solutions that satisfy the needs of business units that share common processes and a common reporting structure. For convergence to occur, a solution must be configurable and deliver the scalability, need-to-know access control privileges and ad-hoc transactional collaboration that solve the business need for rapidly accessible and consistent analytics. In the governance, risk, compliance and security realms, a key component is the one-to-one ratio between records and incidents. Traditionally, a stolen laptop would be reported to Corporate Security, who would create an incident in their silo and send an e-mail to IT Security and Compliance, who would each create a new record in a different tracking system. The use of various systems resulted in conflicting data, uncertain resolution and impossible analysis. Consequently, organizations were unable to provide accurate compliance statistics or scientifically prioritize opportunities for mitigation that maximized return on investment.
In a post on a similar topic, Brandon Dunlap of brightfly predicted that the 2009 GRC and Security marketplace would reward solutions that “support the security and audit processes of the organization as opposed to those that block a particular threat.” With increased oversight and anticipated new regulations that governments will enact through the remainder of the year, I concur with Mr Dunlap’s assessment that organizations will begin increasing the efficiency of the security and audit processes by allowing the data collected through these processes to drive ROI-based decisions. Much of the data collection will come from the corporate security, ethics and compliance, human resources, IT security and security operations functions, which serve as the front-line responders to organizational risk. In order to accurately capture the data required for audit, organizations will begin aligning the systems and personnel responsible for collecting the data. As John Petruzzi writes, the move toward alignment is such that “you will either adapt or you and your respective department will become marginalized or potentially eliminated.” Evidence and opinion indicate the successful professional will champion alignment or become a casualty of redundancy.