Are compliance-centric organizations the early ones to adopt GRC?
Yes. Industries which are more regulated have much higher impetus for GRC. The compulsion is not coming from security breaches or data loss threats but from strict regulations and laws.
GRC is largely perceived as a giant complex beast for CISOs in the overall security conundrum. Would you demystify it?
GRC is all-encompassing and it feels complex, it feels big. And it is big. A decade ago, we realized one could not approach this problem as a monolithic beast as it would be as futile as trying to boil the ocean.
The genesis of MetricStream is the creation of a very simple GRC platform and modular apps. Each byte-sized app allows CISOs and their teams to adapt GRC in pieces. The simple set of apps on the GRC journey makes it more manageable and a simpler experience. If someone attempts the whole thing in a single shot, it leads to complexity. Our company motto and tagline is 'Make GRC simple' with our technology, partners and team.
How does MetricStream view India market in terms of business operations?
Besides significant R&D and innovation, we have full-fledged operations in sales, finance and other departments. India is more strategic because of the presence of our many established partners and big systems integrators like Infosys, TCS, KPMG, Deloitte and others who implement our GRC solutions. It is fundamentally important to have local presence in adequate numbers and functions to support them to deliver best GRC solutions.
Tech Mahindra early this year entered into a strategic alliance with us by establishing a dedicated MetricStream Center of Excellence (CoE) in Bangalore. Hence India is strategic for us in multiple ways.
What do you look for in channel partners?
Channel partners need to have certain expertise and domain specialization. If they have expertise in law and regulation in the country and you understand the domain and have built a practice around it, it is a natural partnership for us. We don't look at the size as the determinant.
The biggest requisite for our partners is depth and understanding around enterprise solutions besides interest in the world of security and governance, risk and compliance. That's what we use as qualification criteria with more than hundreds if not thousands of companies approaching us for partnerships. We are carefully distilling the prospective partners as we have different grades of partnerships like strategic, resellers, entry level etcetera. We have Metricstream University, where they can get people trained and certified.
Do you see the government adopting GRC? Does MetricStream cater to SMBs too?
Most of our early adoptions globally have happened in the commercial sector more than government. For the past five to seven years, we have focused on commercial companies and today we have enough large, mid-market and small customers. The government are now moving in to adopt GRC.
Sign up for CIO Asia eNewsletters.