On Jan 4, 2010, the RSA division of EMC announced the acquisition of Archer Technologies, a privately-owned GRC provider based in Kansas. The press release can be found here.  Although an unexpected move, this acquisition is very understandable considering the market position of EMC/RSA and Archer. 

EMC has essentially adopted the IT GRC strategy that CA has been following for over two years.  CA saw long ago the need for a centralized GRC management solution, with integration to key security and compliance controls solutions, and introduced a comprehensive solution for IT security and compliance over two years ago.

This integration of security and compliance products with GRC management will be a key differentiator over the near term, as market consolidation likely continues.  Customers will continue to expand their deployments of security and compliance controls such as provisioning, access management, privileged user password management, log management, records and email management.  Although these technologies help to automate key security and compliance processes, the use of GRC Management is what helps unify this information and these activities. It also helps eliminate redundant activities, and therefore reduces total compliance costs.  In addition, it enables business leaders to get high-quality information (accurate and timely) about their current IT risk and compliance, so that they can make better decisions relating to these programs. 

CA is in the unique position to provide all those needed security and compliance controls, as well as GRC management. We recognized the importance of integration for cost-effective GRC management, and have made this a foundation of our overall IT GRC strategy.   EMC/RSA’s move validates what CA knew long ago.