eGestalt Technologies SecureGRC

Powered by SC Magazine
 

It is a solid citation-based configurable risk model but is light on compliance content.

SecureGRC is a cloud-based, software-as-a-service (SaaS) enterprise application that provides security and regulatory compliance management. It unifies security monitoring and compliance into a single solution to address needs around risk management.

This is a young product; v1.0 shipped in August 2010. The beta version we were shown is due to be released soon. It focuses on the assessment portion of the risk effort. We were told that the final version will also support remediation through the integration of support for threat and vulnerability data.

The combined security monitoring and IT-GRC solution provides automation and integration of security and policy controls in a ready-to-use automation framework. SecureGRC currently comes with prepopulated content and support for PCI DSS 1.2 and HIPAA.

On the remediation options front, SecureGRC provides real-time status on the current state of security and compliance and then offers a checklist of questions that guides the process along, asking for proof of documentation to fulfill the compliance request. No prior knowledge of any particular compliance regulation is necessary in order to use SecureGRC. Users simply follow the application's list of instructions and upload the required documents, and the system will generate a report that can be presented to auditors to prove compliance.

The hosted model was developed with multitenant security in mind and includes security at all transmit and service levels. There is an option in the hosted pricing to pay as you use this tool, i.e., per assessment. Subscription is $750 per year (MSRP) for SecureGRC SB and $9,100 per year (MSRP) for full SecureGRC. It is SaaS only, with no on-premise software.

The product takes an interesting approach to risk management, and we believe the final version - which includes more in-depth reporting and compliance content, and delivers on the remediation front - will be worth a look.

Copyright © SC Magazine, US edition


Overall Rating
Verdict: If the product delivers as promised in final release, it is worth a look.

Product Info
Specs: Version 1
Price when reviewed: 9000