MetricStream Offers IT GRC Solutions
Dec 18, 2012 (Close-Up Media via COMTEX) --
In increasingly virtualized, mobile, and cloudy world, Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) are confronted with challenges around information security, big data management, and compliance with regulations such as SOX, PCI DSS, HIPAA, NERC, FISMA, and ISO 27001, according to a release.
The traditional approach of managing these requirements in multiple silos and systems is not only inefficient and expensive, but MetricStream noted that it also leads to redundancies and conflicts. Organizations seek to rationalize and harmonize their IT GRC processes, while also providing top-level visibility into enterprise IT risk and compliance data that can help determine areas of concern, and enable management to make actionable decisions based on sound data points.
MetricStream provides a suite of IT GRC solutions that aggregate and unify IT risk and information security and compliance data from across the hyper-extended enterprise. The Company reported that the solutions also help add business context to the data, as well as provide analytics capabilities to support mature, risk-oriented security programs.
MetricStream added that its solutions integrate with various applications such as those for identity management, asset management, Security Information and Event Management (SIEM), threat and vulnerability assessment, intrusion detection and prevention, and security feeds to consolidate data related to information security, and technology risks. Dashboards present a real-time, top-level view of this information. The solution also facilitates a workflow-based approach to IT audit management and remediation management.
MetricStream IT GRC Solutions were recently reviewed by IDC, a provider of global IT research and advice, in its report - " MetricStream: Comprehensive Solutions for IT Governance, Risk, and Compliance." The report highlights MetricStream's "strong intellectual property (IP) portfolio around GRC," its "strong portfolio of IT GRC products that address end-to-end customer requirements," and its "strong partnership with various technology vendors in the security, smart grid, network management, operations, and asset management spaces." The report also highlights MetricStream's "strong IT GRC capabilities around cloud and virtualized environments."
Mayur Sahni, Research Manager, Services at IDC Asia/Pacific says, "Compliance requirements today are non-negotiable, and it's imperative for enterprises to implement a structured, organization-wide approach to IT GRC. MetricStream has a broad set of technologies not only to enforce and implement IT controls, but also to collect and harvest the information required to manage risk and demonstrate governance."
MetricStream IT GRC solutions provide integration capabilities for IT security, cloud, infrastructure, General Computer Controls (GCC), and business application controls. The Company said it streamlines compliance across IT regulations, standards, and frameworks by supporting automated monitoring and reporting of IT risk and control effectiveness and provides content for meeting compliance challenges, including over 5,000+ IT control statements from over 800+ authority documents through a partnership with UCF, which helps organizations harmonize on the smallest possible set of IT controls to meet all their compliance requirements. The solutions also provide IT audit management capabilities, streamlines the IT audit and compliance process, and enable multiple stakeholders to gain visibility into the status of these processes and their results. IT control or compliance issues that arise are automatically routed through a systematic process of investigation and remediation.
With MetricStream's acquisition of vPanorama cloud GRC technology from TBD Networks, the Company noted that it is able to provide solutions that allow its customers to seamlessly manage risks, regulatory compliance challenges, privacy requirements, security threats, and performance metrics across the cloud & virtualized infrastructure. The technology has augmented MetricStream's IT GRC solutions by providing granular visibility and control over security configuration assessments, continuous controls monitoring, risk management, and threat and vulnerability management. It helps minimize inefficiencies, while enhancing the reliability and performance of the cloud infrastructure.
MetricStream added that its functionality has attracted marquee customers across industry segments, which include companies in social media and Internet information, banking and financial services, healthcare, manufacturing, energy, and retail.
"IT organizations have focused solely on a bottom-up approach so far implementing granular IT controls based on vulnerability scans, patch, and configuration control data. This approach results in a lot of data but little actionable intelligence," said Vasant Balasubramanian, Vice President of Product Management at MetricStream.
"MetricStream combines bottom-up data with a top-down approach and over-arching analytics that correlate information risk, security, compliance, and business issues to provide actionable risk intelligence. Furthermore, with MetricStream's recent acquisition of vPanorama technology, we provide the unique capability of bringing top-down risk intelligence and IT GRC controls to the cloud. We also help enhance business value by closely aligning IT investments with organizational strategy and corporate objectives."
MetricStream is a company focusing on Enterprise-wide Governance, Risk, Compliance (GRC) and Quality Management Solutions for global corporations.
((Comments on this story may be sent to email@example.com))
[ Back To TMCnet.com's Homepage ]