SAN FRANCISCO — RSA has launched a new Governance, Risk and Compliance Advisory Service to help businesses of any size in figure out where they need to beef up security or address compliance issues.Mat Allen, senior director of the security and risk management consulting practice at RSA’s parent EMC Corp. [NYSE: EMC]
, called the endeavour not a completely unique or new service, but one that consolidates and adds on to existing ones. “Basically we’ve defined a series of services that’ll hang off of a broader framework called GRC – or governance risks and compliance – and under that are some tactical offers as well as a broader strategy,” he said.Allen thinks the security industry as a whole has been in flux and there’s greater need for each every business type to know its security needs better. “We’ve seen a wholesale shift in a customer and marketplace need around the broader concept of security and that’s largely driven by compliance on one hand … and how confusing that’s been,” he said. “Think about the implications for them to understand it and, if you’re a smaller company, that’s an encumbrance you just can’t afford.”
The idea is that RSA, with its broad knowledge of the security and compliance field – and of course with the depth of products it can offer – is ideally suited to advise on not just compliance but overall security strategy.
The announcement was made at the annual RSA security conference here. RSA offers a range of security-based consulting and professional services.James Quin, lead research analyst at London Ont.-based Info-Tech Research Group Inc., who was at the conference, had concerns how businesses might react to RSA offering advice on governance. “Maybe something like that is good,” he said. “I mean, the concern – not from my perspective – but the concern from a lot of businesses, from their perspective is … how much of it is just a sales pitch? — We’re only selling the problem to you in a manner in which we’re the only ones who can solve it.”Branden Williams, Global CTO of marketing for RSA doesn’t see that as necessarily a bad thing. “By combining these new security and risk management services with RSA’s expanding product portfolio, EMC’s security proposition has never been stronger,” he said.
Quin said this move to consultancy is representative of a market-wide phase shift. “I have conversations with clients all the time and they tell me ‘Oh, I don’t need to worry about security, I don’t have anything anyone would be interested in.’ But you’ve got customer lists,” he said.
Quin said it’s not enough for small businesses to just assume that compliance issues don’t affect them. It’s time for them to recognize that everyone has sensitive data even if not everyone is properly securing it. Despite the conflict, Quin said that RSA advisory services can still serve that purpose.