2021 Gartner Magic Quadrant for IT Risk Management

2021

The editors of Solutions Review highlighted the changes that have occurred since the last iteration of Gartner’s Magic Quadrant for IT Risk Management and analyzed the new report.

The analyst firm Gartner, Inc. released its 2021 Magic Quadrant for IT Risk Management. Researcher definition IT risk management (ITRM) products as “software and services that implement the risk management life cycle of network and IT risks in the context of the organization’s mission.” The implementation of these tools is to establish a centralized hub to simplify and facilitate business-related risk management. The ITRM platform helps security and risk management (SRM) professionals manage network and IT risks for four common use cases, namely, IT risk and control assessment; regulatory, industry and policy compliance; network risk management; and integration into enterprise risk management.

Although ITRM tools are mainly used for the above use cases, US federal organizations often use ITRM products to meet current and future US federal compliance regulations for system evaluation and authorization. In addition, the key functions of ITRM solutions include workflow management; data integration and connectors; information and asset discovery and inventory; user access; risk analysis; risk processing life cycle; board of directors/senior management reports; near real-time IT risk analysis ; Supervision and policy content management; threat and vulnerability management integration; and incident management integration.

According to Gartner, the ITRM product market is expanding, and there is strong interest in ITRM use cases in standalone ITRM products or integrated risk management (IRM) platforms or governance, risk and compliance (GRC) platforms. The increasing focus on cyber security has led to increasing interest in ITRM features specific to cyber risks. In addition, due to cyber security and privacy requirements, as well as digital, remote or hybrid business operating environments, interest in ITRM programs is expected to continue.

Gartner predicts that by 2023, 80% of organizations with a formal risk management plan will use ITRM products to manage their network and IT risks, compared to 45% currently. In addition, the recent introduction of new vendors disrupted the market, leading to a shift from ITRM to cloud-first deployment. Because of this, many ITRM providers have slowly turned to SaaS priority products. In the future, Gartner expects ITRM vendors to embed machine learning capabilities into their products on a larger scale, including natural language processing, embedded chatbots, and evidence recommendations based on previously given evidence.

In this Magic Quadrant, Gartner assessed the strengths and weaknesses of the 14 most important suppliers in the market, and provided readers with a chart (Magic Quadrant) based on the supplier’s Execution ability And their The completeness of the vision. The graph is divided into four quadrants: niche players, challengers, visionaries and leaders. In Solutions Review, we read the report, Available here, And come up with key takeaways.

As the software market develops, Gartner will adjust the evaluation and inclusion criteria of its Magic Quadrant. Although no suppliers have been added or deleted, three suppliers have changed their names in the past iterations of this report. Archer changed its name from RSA Archer to Archer, SAI360 changed its name from SAI Global to SAI360, and Diligent acquired Galvanize. Gartner occasionally lists honorary nominations that do not meet the selection criteria but have aroused customer interest due to its open source approach and market momentum. This year’s honor awards are Camms, Cyber ​​Saint and eramba.

Representative vendors in this year’s Magic Quadrant include Allgress, Archer, Diligent, IBM, LogicManager, MetricStream, NAVEX Global, OneTrust, Reciprocity, Riskonnect, SAI360, ServiceNow, SureCloud and TechDemocracy.

The Leaders Quadrant is the most densely populated this year and includes ServiceNow, Diligent, Archer, MetricStream, IBM, NAVEX Global and SAI360. ServiceNow ranks highest in terms of execution capability. This status can be attributed to one of the suppliers with the highest R&D budget among the suppliers evaluated in this report. ServiceNow’s closest competitor in this quadrant is Diligent, which is one of the only two providers in the Magic Quadrant that has an authorization to operate (ATO) its platform. This satisfies the main eligibility criteria of state and federal agencies in cloud service procurement decisions.

Archer, MetricStream, and IBM are all closely grouped in the leader quadrant. Archer stands out through its workflow process designer function, which provides ease of use, modern user interface and flexible operation or workflow nodes in zero-code to low-code workflow design. The advantage of MetricStream is that it can adjust and continuously improve its roadmap based on customer feedback and needs, which can be seen from its investment in improving user experience. On the contrary, IBM touted the widest geographic presence in this report and also has a strong product vision for machine learning and artificial intelligence-driven risk and compliance management enhancements.

The front runners are SAI360 and NAVEX Global. SAI360 is located closest to the Y axis. This position may be due to the provider’s pre-defined solutions tailored to the needs of small organizations in IT risk and network security program management. NAVEX Global is placed closest to the X axis. Suppliers will focus on enhancing the user experience by improving the user interface, improving automated workflows, and adding online record editing capabilities.

This year’s challengers are all located near the Y axis of the chart, and OneTrust is placed directly on the axis. OneTrust’s position can be attributed to its strong internal intellectual capital, product design and experience. LogicManager has obtained the highest execution ability among challengers. The supplier provides each customer with a team of industry-based consulting analysts who work with end users to implement solutions that meet business needs.

The remaining challengers in this year’s report are Reciprocity and SureCloud. In 2021 and 2022, Reciprocity is expected to continue to expand its benchmarking capabilities and platforms to support third-party risks. SureCloud is exclusively provided through SaaS and is looking to rebuild its platform to optimize performance and flexibility.

There are no visionaries on the list this year, only niche players remain. Allgress is located in the quadrant closest to the X-axis and Y-axis. Its solutions are mainly aimed at small and medium enterprises in finance, healthcare, technology, state or federal government. Allgress also provides a range of deployment options. TechDemocracy, which is also a niche player, may have won its position because it is one of the few products that uses cyber risk management as an independent product. Finally, Riskonnect offers RK GoLive!, which introduces two implementation options to facilitate deployment by focusing on best practice configuration or customer configuration.

Read Gartner’s Magic Quadrant for IT Risk Management.

Tess Hannah
Latest posts by Tess Hannah (See all)

#Gartner #Magic #Quadrant #Risk #Management

More from Source

Leave a Comment