Process-Only Technologies Can't Scale

By Pravin Kothari  |  Posted 2010-09-13

Conclusion No. 3: Process-only technologies can't scale

GRC automation is a generic term. Organizations often do not realize that process automation and control automation are very different and unrelated technologies. Process automation is fairly pedantic. Document management, workflow and collaboration technologies perform useful functions but, technically, they are not very challenging to build. Process automation products don't deal with a large amount of data or assets, so performance and scalability are not required.

On the other hand, control automation is seriously advanced technology. Building an engine that can extract and correlate millions of data records every day is hard. Building bidirectional integration to other vendors' systems that works as expected (under all different scenarios) is hard. Building an engine to manage hundreds of thousands of assets, and to change those assets' profiles and classifications (and determining what controls are relevant for each asset) is hard.

If a process automation-only product is selected, then the organization will need to start over if it wants to implement control automation and reach GRC nirvana. Trying to extend process-only technologies to achieve IT control automation is like strapping homemade rockets to your family sedan. The outcome is not likely to be pretty.

Pravin Kothari is founder and Chief Technology Officer at Agiliance. Pravin is responsible for product vision, product strategy and engineering at Agiliance. Pravin has over 20 years of success at bringing new products to market in information security, compliance, enterprise software, software as a service, and large-scale software infrastructure. Prior to founding Agiliance, Pravin was the founding vice president of engineering at ArcSight, where he led the product development for five years from inception to market dominance. Prior to ArcSight, Pravin was the founding chief architect at Impresse Corporation. Previously, Pravin held technical leadership positions at Verity, Attachmate, and Tata Consultancy Services. Pravin holds a Master's degree in Computer Science from the Indian Institute of Technology (IIT), Bombay. He is a Certified Information Systems Auditor (CISA), a Certified Information Systems Security Professional (CISSP) and Charter Member of TiE, a global organization dedicated to the advancement of entrepreneurship. He can be reached at
