Toss in Control Compliance
Symantec also combined Control Compliance Suite and its Enterprise Security Manager product under one architecture, allowing customers to perform scanning with or without an agent. "The benefit is, for example, if you are an existing Enterprise Security Manager [customer] you don't have to rip out what you have," Dickson said. "All the agents can still collect the information, and it's just reporting to a common, reporting structure and going into a central repository where we keep all that information.""Vendors commonly identify automation and management tools as risk management or GRC solutions, or describe them as -compliant' with various regulations," Proctor said. "No software or IT solution alone will manage risk or make an enterprise compliant with applicable regulations. A common framework for risk definition assessment and mapping is the starting point for identifying risks and risk events and for establishing the responsibilities of risk managers." Chanchani agreed, explaining many organizations lack consistency in how they view risk and compliance, leading to duplication of efforts and increased costs. "This is not about one solution that can fix every problem, because a lot of this resides in process as it does in a tool for automation," he said. "But what we have done in our product is taken a look, end-to-end, at the process and automated key parts of that process."
Even with all the advancements in IT risk technology, Gartner analyst Paul Proctor said in an interview with eWEEK prior to the conference that organizations should not forget that technology alone cannot solve all problems.