For the past two years Archer Technologies has been a disruptive force in the GRC market. They have been going strong in the IT/information security segment of GRC for several years – but the past two years has shown them to be a formidable competitor in what is referred to as the enterprise GRC (eGRC) market.
I have noticed as GRC buyers have repeatedly been impressed in the RFP process by Archer as well as much of the inquiry and questions from competitors who did not see Archer coming.
Archer has done particularly well in reaching large Fortune 1000 companies that need a platform that can be adapted and configured to different GRC related processes. When it comes to flexibility of the platform – Archer wins almost every deal. On the downside, Archer hasloses some deals by not having deeper risk analytics and modeling. There strength is in customization, workflow, and modularity of their platform.
Archer has also done very well with their GRC Exchange (similar to Salesforce.com AppExchange) direction – taking the cloud computing content to GRC. With that they have also tied content and services into the exchange in addition to application modules. They also are excellent at partnering with their clients and making the client feel ownership in Archer.
Enter EMC/RSA . . . this is a deal that makes complete sense. RSA needs the IT GRC capabilities that Archer delivers, and Archer can use the breadth of products and resources that the RSA (security division) of EMC brings. This further strengthens EMC with an eGRC strategy – to date it has been largely centered on a build it yourself approach with Documentum. With Archer, EMC can deliver an enterprise/eGRC solution for its clients that is established and can integrate into the Documentum environment. The synergies in this acquisition are truly remarkable.
However, the downside happens if EMC does not allow Archer the freedom and flexibility to be an eGRC platform. Archer is part of the RSA Security Division of EMC which may mean it gets locked into a perception of remaining an IT GRC player with limited eGRC capabilities. EMC should address this by making sure that Archer is perceived as being part of EMC itself and not just an extension of RSA’s security products.
This is the first acquisition of 2010 in the GRC space with a lot more to come. There is a lot of interest and activity in this space, we can fully expect a lot of consolidation and realignment of the GRC space over the next year.