All product vendors must correctly articulate how a product’s capabilities address a real customer need in order to be successful in the marketplace.  This is the fundamental basis to marketing and product positioning – and to winning in a product category.  The vendor’s challenge is keeping current with the customer’s evolving needs to ensure that the messaging – and underlying product capabilities - continues to resonate.  Therefore, it is always reassuring to find confirmation that these customer needs still exist. 

As an example, one of the key capabilities we highlight in CA’s GRC Manager and the CA Security Management offerings is how we can help our customers automate manual compliance processes leading to real organizational efficiencies and operational savings.  And my discussions with customers confirm that without technology solutions like ours, there are many organizations out there that still rely on spreadsheets to track and manage compliance projects.

Thus, I was very intrigued to read last week’s testimony from the US Federal CIO Mr. Vivek Kundra to the Senate Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security.  In his testimony (accessible here), Mr. Kundra noted that for FISMA reporting, the Office of Management and Budget (OMB) received “via email over 100 individual spreadsheets from agencies and paper copies of the Inspector General reports in response to FISMA reporting requirements.  It took three FTEs working for a full month to compile and analyze the data submissions.”  This testimony provides a vivid example of the cost and inefficiencies associated with compliance--in this case 3 man months to complete a compliance requirement.  Mr. Kundra added, “This manual spreadsheet process was laborious, time consuming, and unsecure.”

Not surprisingly, the pain and inefficiency associated with these processes has spurred the OMB into action and as the testimony recounts, a new interactive data collection tool called CyberScope is being made available to help improve the FISMA reporting process for federal agencies.
 
While confirming that compliance efforts are still characterized by spreadsheets and manual processes may be depressing to some, it also helps to reinforce that for many companies and organizations, compliance process automation is still a worthwhile goal – and one that can lead to measurable benefits including reduced operational expenses and improved efficiency across the organization.