Current risk and policy management tools have continued to evolve, year after year offering new features and increasingly interesting approaches. There is some overlap with the tools we feature this month, but they fall into two main subcategories: GRC solutions and policy management tools.
GRC solutions are designed to help ensure an organization achieves its objectives, addresses risk and operates with integrity. Most traditional tools provide compliance workflow management, risk analytics and custom compliance reporting. Tools in this subcategory understand multiple popular standards, such as ISO 27001, the NIST 800 series, PCI-DSS and GDPR, and can cross-map their controls to one another, which makes life easier for organizations tracking multiple standards.
Policy and risk management tools take a different approach. They integrate with technology and assess risk based on network or system behavior. These tools have taken off in popularity over the past few years. Most can review routing tables, firewall policies and network traffic to build a dynamic network map that shows the impacts of applications and systems on the enterprise network.
While the tools in this space make claims for quick deployment, experience says they can take months to become adequately integrated inside an enterprise environment. Sometimes the solutions get scrapped before being fully implemented. When purchasing a tool with this level of importance, scrutinize the problem you are trying to solve to ensure the tool accomplishes its intended purpose and reaches its potential.