March 1, 2012
Governance, risk management, and compliance (GRC) may be the least glamorous discipline of cyber security. Not many security developers yearn to spend months designing a security policy repository when they could be researching new encryption algorithms. But these areas are critically important, as they form the foundation upon which all cyber security is deployed. GRC for smart grids has only recently emerged as its own market, and the players are split among providers with innovative or direct approaches to smart grid cyber security and large and powerful vendors that sell industry-agnostic solutions into this market. According to a new Pike Pulse report published by Pike Research, the vendors that have focused most tightly on control systems innovation, and somewhat distanced themselves from the field, are McAfee/NitroSecurity and Industrial Defender.
“Despite the fact that governance, risk management, and compliance are essential requirements for any cyber security program, this is not a well-served market for smart grids,” says Pike Research senior analyst Bob Lockhart. “Pike Research expects that to change in the coming two to three years, but at present we have not identified a single vendor that combines the necessary innovation, scale, and smart grid focus to be considered a leader in this area.”
The combination of McAfee and NitroSecurity ranked highest in this Pike Pulse, based largely upon recently acquired Nitro’s GRC capabilities. McAfee’s acquisition of NitroSecurity, which had already positioned itself as a smart grid specialist, killed two birds with one stone, by plugging a gaping hole in the McAfee product line and giving McAfee instant credibility in control systems markets. With a long history of focus on control system security, second-ranked Industrial Defender was early to recognize the importance of governance, risk management, and compliance, even in an industry that does not yet have very many enforceable standards.
RSA, the security division of EMC, ranked a strong third in this Pike Pulse, near the top of the Contenders category.
The “Pike Pulse Report: Smart Grid Cyber Security Governance, Risk Management, and Compliance” evaluates 14 of the leading cyber security governance, risk management, and compliance vendors in the smart grid market and rates them on 12 criteria for strategy and execution, including vision, go-to-market strategy, partners, product strategy and roadmap, technical innovation, geographic reach, market share, sales and marketing, product performance and features, product portfolio, control system focus, and staying power. Using Pike Research’s proprietary Pike Pulse methodology, vendors are profiled, rated, and ranked with the goal of providing industry participants with an objective of these companies’ relative strengths and weakness in the emerging GRC marketplace. An Executive Summary of the report is available for free download on the firm’s website.
Contact: Richard Martin
+1 303 997 7609