3 Things to Consider When Choosing RSA Archer for GRC

By Eric Noonan • March 21, 2016

Governance, Risk and Compliance (GRC) is an all-encompassing term that can cover an array of areas from business continuity through vendor management. Given the range of meaning, it’s important to understand what it means to you and your organization before selecting a platform like RSA’s Archer, which has many modules and even more use cases.

To help narrow down your selection of Archer modules and use cases as well as increase your likelihood of success in deployment and utilization, here are 3 things to consider before making your purchase:


1: Requirements First, Technology Second

Many late and over-budget technology projects can be traced to a project that started with a “bake-off” of technologies or, worse, statements like “we need (fill in the blank with your favorite security tool)”. My experience is that when requirements drive the technology selection process, outcomes are far more likely to be aligned with expectations.

Decide what you are trying to accomplish and turn high-level statements of need into fact-based requirements that will drive the technology selection. Forget looking at Forrester or Gartner first to see which vendor product is the “best”. Best is relative, and your requirements could very well lead you to a solution that didn’t make the Magic Quadrant (MQ). Defining your requirements relative to GRC will help you avoid overbuying a solution, which leaves you with modules or use cases you can never extract value from.

2: Don’t Forget Operations and Maintenance

Someone, an actual human being, is going to have to support the solution that you purchase, and you should factor that into your operational expense budget as part of the total cost of ownership. If it won’t be an internal employee, then budget for consulting to maintain the solution that you have deployed. Avoid falling into the trap of sending one employee to a 5-day vendor class that covers the entire GRC landscape and range of modules so you can check the box and say you have trained someone to support your implementation. If you didn’t buy Incident Response, Vulnerability Management or some of the other modules covered in the high-level training class, why spend time and money training to use them?

Your plan for supporting RSA Archer operations and maintenance should tie back to your requirements. Ask what it will take to satisfy your requirements on a continuous basis, whether in FTEs or consulting hours, and budget accordingly.

3: Integration with Existing Technologies

One of the great benefits of the RSA Archer platform is its ability to take data feeds from existing tools and create dashboards that bring the information into a single pane of glass. If configured properly, the information displayed can be fact-based metrics that tell you in real time, or as close to it as possible, how effective your existing tools are. Archer gives you the ability to leverage a standard like the 20 Critical Security Controls and actually display the metrics provided for each control within the platform. It’s just one example of how you can integrate existing technologies into the platform and show a return on your security investment.

How Can CyberSheath Help Your Organization?

At CyberSheath, we know cybersecurity processes first, and we use that knowledge and experience to help our partners get real value from Archer. Effective GRC doesn’t begin with a GRC technology solution – a concept we discuss more in-depth here – but rather with understanding your requirements first, ensuring your valuable time and resources won’t be wasted.
