DRJ's Fall 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 31, Issue 2

Full Contents Now Available!

PALO ALTO, Calif. -- MetricStream, the market
leader in Governance, Risk, and Compliance (GRC) solutions,
has acquired TBD Networks, a San Jose, California-based
cloud transformation company and its vPanorama cloud GRC
technology. By incorporating vPanorama into its IT-GRC
solution, MetricStream will enable customers to seamlessly
manage regulatory compliance, privacy requirements, security
threats, vulnerability risks, and performance metrics across
the entire spectrum of virtual assets in the cloud, as well
as on-premise virtual infrastructure. The latter constitutes
private clouds based on platforms such as VMware vSphere.

An increasing number of IT resources - including
business-critical applications and highly sensitive data -
are being moved into the cloud. While the cloud offers
significant benefits in terms of efficiency, scalability,
and economy, it also presents an entirely new set of
security risks that IT organizations are only beginning to
understand. In addition, the cloud increases the complexity
of the IT environment - today companies are using a
combination of both on-premise physical systems and
virtualized IT infrastructure in the cloud which, in turn,
may be private, public, or hybrid.

MetricStream offers IT security, risk, and compliance
managers a simple, action-oriented way to monitor the
virtualized environment alongside on-premise infrastructure.
vPanorama's groundbreaking technology provides granular
visibility into and control over security configuration
assessments, continuous controls monitoring, risk
management, and threat and vulnerability tracking. It also
helps meet compliance requirements around industry
standards, cross-border data transfer, service level
agreements (SLAs), segregation of duties (SoDs), and general
computer controls (GCC). The technology minimizes
inefficiencies, and enhances the reliability and performance
of the cloud infrastructure.

vPanorama, developed by TBD Networks under the VMware
Technical Alliance Partner Program, has been the building
block of some of the world's largest virtual environments,
including the US Air Force's global network environment.

"Traditional IT operations are based on physical asset
models and stable relationships between servers, networks,
and storage elements. But with virtualization, system
services and servers can be provisioned, replicated,
updated, and de-provisioned with a single click; network and
storage mappings are made fluid; VMs can be easily moved
across and between enterprises, by-passing all traditional
security controls," says Thomas Ludwig, CEO of TBD Networks.
"Virtualization and the cloud have fundamentally changed the
overall model of IT governance, and significantly impacted
security and risk. vPanorama is designed for this new
paradigm, and augments the MetricStream IT-GRC solution,
delivering a panoramic view and a fine-grained management
framework for heterogeneous virtual environments."

"With the acquisition of vPanorama, MetricStream breaks new
ground in IT security, risk, and compliance management. It
brings to market the only IT-GRC solution that enables the
highest and most consistent level of assurance and control
for both cloud infrastructure and on-premise systems," says
Shellye Archambeau, CEO of MetricStream. "Companies need to
relook at their IT-GRC strategies and incorporate cloud GRC
so that they can confidently embrace virtual infrastructure,
and fully harness the power of cloud computing. With the
help of MetricStream, customers, for the first time, can get
clear visibility into and exercise control over their
compliance status and risk posture in the cloud."

The U.S. National Institute of Standards and Technology
(NIST) and the Cloud Security Alliance (CSA) view cloud GRC
as a critical issue. NIST recently released a draft of
Special Publication 800-144, "Guidelines on Security and
Privacy in Public Cloud Computing," which recommends steps
to be taken in nine topical areas: Governance, Compliance,
Trust, Architecture, Identity and Access Management,
Software Isolation, Data Protection, Availability, and
Incident Response.

The CSA makes similar recommendations in v2.1 of the CSA
Guide - "Effective governance and enterprise risk management
in Cloud Computing environments follows from well-developed
information security governance processes, as part of the
organization's overall corporate governance obligations of
due care." The report goes on to say, "The fundamental
issues of governance and enterprise risk management in Cloud
Computing concern the identification and implementation of
the appropriate organizational structures, processes, and
controls to maintain effective information security
governance, risk management, and compliance."

As part of the acquisition, the TBD Networks team will join
MetricStream to drive product innovation and R&D around how
enterprises should respond to emerging risks from
virtualized infrastructure, mobiles devices, reliance on
managed service providers, cloud applications, digital and
social media, and the resulting Big Data.

About MetricStream

MetricStream is a market leader in Enterprise-wide
Governance, Risk, Compliance (GRC) and Quality Management
Solutions for global corporations. MetricStream solutions
are used by leading corporations such as UBS, Constellation
Energy, Pfizer, Philips, BAE Systems, SanDisk, Cummins and
Sonic Automotive in diverse industries such as Financial
Services, Healthcare, Life Sciences, Energy and Utilities,
Food, Retail, Government and Manufacturing to manage their
risk management, quality processes, regulatory and
industry-mandated compliance and corporate governance
initiatives, as well as several million compliance
professionals worldwide via the www.ComplianceOnline.com
portal. MetricStream is headquartered in Palo Alto,
California and can be reached at www.metricstream.com.