Halloween Analyst Magic Well it’s Halloween and time for Analyst Magic. Gartner has published the Magic Quadrant for GRC, and all the other analysts seeking engagements of course are tweeting and blogging about what is right and wrong with the results. Just like Mike and Mike in the morning giving their analysis of the sporting teams, there is usually one person in the conversation that has at least played in the sport. The difference with our GRC analysts is very few of them have even helped or touched the applications they analyze. And most base their results on vendors who had to pay to get them to visit and customers who have asked for their wisdom and paid dearly. Unfortunately, the most they learn is by listening to the customers and to the vendors. Having been in both places, and hands on with many of the products, I would like to point out some of the many flaws: Much of the criteria are highly subjective. Market penetration for example is usually based on the acquisition of customers, and not by who is getting a return on their software investment. Opinions are cheap, just like the sports analysts; they vary by the biases they have developed over the years. In addition, all of the product evaluations are done based on demos by the vendors. And you can bet these are well orchestrated and planned to impress. Often they are geared to what the analysts ask about. Usually this is guided by customer inquiries. These are collected from primarily paying customers, or references that have been carefully selected by the vendor for the analyst to contact. I have been a customer and the only discussion I found worthwhile with any of the analysts was to get their idea of the price ranges I should expect before entering the negotiation process of the hardware of software acquisition process. In the case of GRC, these can vary widely. And there is a wide range of product capabilities. In most cases the “enterprise” tag given by the analysts is only indicative of the breadth of the product. The depth of the product is often overlooked, but a lot of attention to “look and feel” and user “friendly” criteria. One evaluation I saw presented during my days with SAP by an analyst was a demo, which got great accolades for an improvement in the user interface. And it was the same interface they had seen in the previous year, but the Demo Witch made it appear much better…. more smoke and mirrors. Before you enter the haunted house of the GRC market, my advice is to ignore the analysis paralysis on useless features and concentrate on the road to Return on Investment. This will allow you to seek out not only the software that is the best fit but also the best practices that help you gain the best utilization from the product. The combination of the two is what makes the GRC ghost and goblins go away and reality to appear! Gary 9/30/2016 10:11:07 pm
I like this blog, saved to my bookmarks.I have got some important suggestions from it, specially your service.I'm working in<a href="http://fuzzyinternational.com/"> Fuzzy International private limited.</a>
Reply
9/30/2016 10:11:23 pm
I like this blog, saved to my bookmarks.I have got some important suggestions from it, specially your service.I'm working in Fuzzy International private limited.</a>
Reply
9/30/2016 10:11:40 pm
I like this blog, saved to my bookmarks.I have got some important suggestions from it, specially your service.I'm working in Fuzzy International private limited.
Reply
Your comment will be posted after it is approved.
Leave a Reply. |
AuthorsAssorted Members of the CAG Team providing insightful information on current topics related to GRC, Security, and Audit. Archives
July 2016
Categories |