The central theme here is GRC (governance, risk and compliance). GRC is at once the biggest pain point (arguably) of most large organizations and the most important task that does not usually get done right. GRC is a must for organizations that are subject to regulatory compliance. But more than that, it is the way organizations protect themselves from lawsuits resulting from negligence, weak or non-existent policies and lack of policy compliance.
And it's not just upstream liability. Breach reporting laws, more sophisticated attacks, increased complexity in achieving and maintaining the security of the enterprise, cloud and virtual computing and a slew of other issues make it pretty important that organizations not only check the appropriate boxes in the audit, but actually perform the right tasks to stay protected.
So, to be innovative in this space means to bring to your market tools that get the job done, enforce compliance and don't require a team of engineers just to keep the tool running and fed with up-to-date policies. That is what we found. As in previous years, we have some returning Innovators. We like that because it says that we were right when we selected them the first time.
Innovation is not a flash in the pan. Rather, it is sustained creativity, a strong feel for the pulse of the market and innovative approaches to solving difficult problems first and, hopefully, best making the Innovator the benchmark in the particular market segment.
We believe that the companies in this section, as with our other sections, exemplify these principles. But more – and more appropriate to this particular group – they are taking a market that comprises tools that are traditionally expensive, difficult to use and that for that reason often sit on the shelf, and they are breaking the mold. These products are manageable, affordable in the context of what they provide and they actually serve an extremely important purpose beyond the audit: they are instrumental in helping the using organization stay really secure.