-
Featured services
Think beyond the robots
The successful integration of AI and IoT in manufacturing will depend on effective change management, upskilling and rethinking business models.
Read the blog -
Services
Leverage our capabilities to accelerate your business transformation.
-
Services
Network Services
Popular Products
-
Private 5G
Our turnkey private 5G network enables custom-built solutions that are designed around unique use cases and strategies, and deployed, run and optimized through a full network-as-a-service model.
-
Managed Campus Networks
Our Managed Campus Networks services transform campus networks, corporate area networks and interconnected local area networks, and connect smart places and industries.
-
-
Services
Cloud
Popular Products
-
Cloud Architecture and Modernization
Discover how to achieve your business goals through cloud modernization practices, that deliver improved agility, reusability and scalability.
-
Cloud Optimization
Discover how to maximize operational excellence, business continuity and financial sustainability through our cloud-advanced optimization services.
-
-
Services
Consulting
-
-
Services
Data and Artificial intelligence
-
Services
Technology Solutions
Client stories
-
Services
Global Data Centers
-
Services
CX and Design
-
Services
Application Services
-
Services
Sustainability Services
-
Services
Digital Workplace
-
Services
Business Process Services
Master your GenAI destiny
We’ll help you navigate the complexities and opportunities of GenAI.
Explore GenAI -
-
-
Insights
Recent Insights
-
The Future of Networking in 2025 and Beyond
-
Using the cloud to cut costs needs the right approach
When organizations focus on transformation, a move to the cloud can deliver cost savings – but they often need expert advice to help them along their journey
-
Make zero trust security work for your organization
Make zero trust security work for your organization across hybrid work environments.
-
-
Master your GenAI destiny
We’ll help you navigate the complexities and opportunities of GenAI.
Explore GenAI -
-
Master your GenAI destiny
We’ll help you navigate the complexities and opportunities of GenAI.
Explore GenAI -
Discover how we accelerate your business transformation
-
About us
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
Sponsorships
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
Everest Group PEAK Matrix® Assessment
NTT DATA is a Leader and Star Performer in the Everest Group Sustainability Enablement Technology Services PEAK Matrix® Assessment 2024.
Get the Everest report -
- Careers
Topics in this article
Effectively weigh GRC tools and solutions
As discussed in Part One of this series, there are real, tangible costs, as well as intangible ones, associated with the current manual methods of IT security provisioning and compliance reporting. And for so many organizations, these costs are ever-increasing.
As the impact – specifically, time and money lost – becomes untenable, a search for potential solutions begins. Now in Part Two (of this three-part series), we’ll discuss the hunt for a governance, risk management and compliance (GRC) automation tool and how to build the business case to acquire one.
Searching for solutions
One answer to streamlining user provisioning and compliance reporting might be to hire more staff. However, most enterprises are reluctant to do so, since increasing staff often increases complexity. Confusing, complicated processes can get more confusing and complicated by adding ‘cooks’ – as novice hands tend to make more mistakes, and senior talent spends too much time having to clean up afterward.
Another possible solution is to try to automate linkages between existing systems and reports in the attempt to streamline processing. However, home-grown programs and scripts don’t always work well, and maintaining customer code or scripts can take on a life of its own.
Typically, the best solution is purpose-built commercial software with comprehensive, automated workflows. Proven solutions, such as our ControlPanelGRC, are easy to implement.
Evaluating software solutions: a GRC tools comparison
In order to evaluate solutions for automating IT user provisioning and compliance reporting, an organization must first identify specific criteria for assessing the quality and ‘fit.’ Based on the criteria, RFPs can be developed to solicit proposals.
Some requirements may include:
- Automate and streamline approval workflows and provisioning processes
- Reduce cycle time
- Eliminate manual tasks
- Enable self-service and improve visibility
- Improve compliance efforts
- Provide a single source of the ‘truth’
- Centralize SAP security data (e.g., with a common dashboard)
- Reduce operational workloads for the technical team
- Expedite processing user and role requests
- Expedite and improve compliance reporting
- Provide quantifiably more time to support innovation in the business
When evaluating solutions, it’s also important for organizations to recognize their own internal constraints. Do they have the capacity to purchase, install, and maintain incremental servers and infrastructure? Can their staff develop specialized skills to implement and support new solutions? Is there budget for a large implementation using external consultants? Politically, what are management’s expectations of the project – a quick win or building value over time?
A total cost of ownership (TCO) analysis of solutions should be performed. Considerations often include:
- Cost of software licensing
- Infrastructure costs
- Training costs
- Implementation costs
- Costs associated with ongoing operations
Evaluating vendors
Vendors themselves must also be evaluated. Is their business approach that of a long-term partner? Are they continuing to enhance their product? What is their product roadmap? Are there concerns about their viability, stability or vision? Will they be in business three years from now? The GRC market is evolving; are they?
The evaluation cycle can reveal a lot about each vendor’s commitment and characteristics. For example, were the demos customized? Did the sales and technical staff really listen? Were they honest about shortcomings? Did they take the time to understand the organization’s needs? Were they timely and detailed in responses?
In short, it’s important to be comfortable with a vendor for them to truly be a partner that helps move your enterprise forward.
Refining the search
When you have well-defined requirements, potential solutions can be dismissed quickly based on:
- Total price-point out of reach
- ‘Footprint’ requirements too high (e.g., with incremental servers and infrastructure, and incremental administration, interfaces, and day-to-day ‘care and feeding’)
- Specialized skillsets required
- Implementation costs and timeframes too high
- Ongoing operational complexity
Building the business case and calculating ROI
Netted out, the time, effort and risks associated with the escalating difficulties in manual user provisioning and compliance reporting become unacceptable.
As discussed in Part One of this series, the first step in building a business case for an automated solution is to make clear, visible metrics on the current situation.
Ask and answer questions such as:
- What is the current, average turnaround time for processing routine user provisioning requests?
- What percentage of requests gets lost or requires special handling?
- How many hours are spent processing user provisioning requests?
- What are the total current costs (hours times salaries) for processing user requests?
Similarly, actual costs may be determined for current methods of compliance reporting.
Adding up the actual costs and hours spent on current methods of user provisioning and compliance reporting creates a benchmark against which the projected savings of an automation solution can be justified. Vendors should be able to provide references and case studies to estimate these projected savings.
Applying estimated time savings against current costs creates the basis for a return on investment (ROI) calculation.
In addition to defining hard ROI estimates for implementing an automated user provisioning and compliance reporting tool, there are other benefits that can be articulated:
- Better service to the business
- Faster time-to-value for new or changing employees (faster provisioning of user and role requests)
- Freeing technical teams from ‘operational drudgery’ and improving morale
- Less manual provisioning
- More time for new initiatives and innovation
- Streamlining audit reporting
- Less time spent preparing for audits
- Less time for auditors to perform their jobs
By conducting a GRC tools comparison and implementing an automation solution for user provisioning and compliance reporting, organizations can realize extensive gains. In the final part of our GRC tools series, we’ll explore the implementation process and how to prove the ROI of your new GRC automation solution.
And if you’d like to learn more about ControlPanelGRC, and whether the solution is right for you, request a free risk assessment today.