March 25, 2008
Sun's GRC Eco-System
I recently caught up with Nicholas Crown, Product Line Manager of Sun’s Identity Business Unit, to talk about Sun’s new strategy to address the growing IT Governance, Risk Management and Compliance (GRC) market. The cornerstones of Sun’s strategy are its current identity portfolio along with the Vaau acquisition, which provided enterprise role-based access management.
Sun is planning to create an IT GRC eco-system which includes ISV partnerships, SI solutions, acquisitions and other Sun product offerings. You should expect to hear more announcements starting next quarter. Below is a graphic of how Sun views a GRC eco-system.

In Sun’s view identity and access management are big components of a compliance solution, and a good place to start. Companies then can build out the rest of the capabilities through partner solutions.
Today Sun does not have anything for the management layer, but they’re working on that. I asked Nicholas where ITIL would fit, as it is becoming popular for IT Governance, and was told it would be considered one of the frameworks in the eco-system and there could be others. He stated that customers often develop their own frameworks, or begin with a standard and then customize it, and the logical view will accommodate that.
However, I was left with the question as to how SOA Governance, also a very big topic these days, fits into the IT GRC eco-system defined by Sun. SOA is changing the very nature of what we call an IT application. The monolithic applications of the past are giving way to mash-ups and composite applications. Many of the same policies that pertain to IT applications, including access control and identity management, also pertain to services. It would seem to me to be a natural conclusion that SOA Governance is a part of the overall IT GRC. How can you provide end-to-end security, risk management and compliance if the policies are not equally applied to the fast-growing part of the IT portfolio represented by services? Can they really be separate disciplines, technologies and solutions? Does SOA Governance belong on the GRC roadmap? How are you handling it in your organization?
Posted by bethgb at 11:32 PM in Vendor Briefings
