When EMC acquires a company it takes a bit of discipline to keep up with the incoming software architectures. Some have been easier to grasp than others. For example, GreenPlum technologists have made the rounds several times within EMC. When they describe their architecture I understand it because GreenPlum software reads and writes data. That's familiar to me.
The Archer acquisition, however, has been different. I've been less able to understand the platform and functionality. I couldn't figure out how and why customers were using it.
I noticed that the RSA Archer Road Show was coming to Boston, so I signed up. The road show is mainly run by customers. Their presentations don't describe the Archer architecture; they describe how customers are using the product. So I sat in on a day-long meeting in Boston.
What I learned surprised me. I had always thought of the Archer acquisition in terms of the assessment, compliance, and risk management of an IT infrastructure. The Archer platform can surely do those things. Customers are using it, however, for a variety of different purposes (e.g. checks and balances to prevent internal fraud in an organization).
However I did hear quite a bit about using Archer for IT governance. I thought I'd relate the customer story that I learned the most from.
Interestingly enough, it was a story from the pre-acquisition usage of Archer within EMC.
Enterprise-wide File Scanning
EMC’s global file share infrastructure contains over 2 petabytes of data, and the Office of Risk Management frequently scans those shares looking for unencrypted and sensitive information. RSA's Data Loss Prevention Suite is the tool of choice to perform the scan. Here is the value of the DLP Suite (taken from RSA's website):
The RSA Data Loss Prevention (DLP) Suite enables organizations to discover and classify their sensitive data, educate end users and ensure data is handled appropriately, and report on risk reduction and progress towards policy objectives.
The DLP software reported that potentially 30,000 files contained unencrypted sensitive information. This discovery occurred in early November of 2009 (two months before the Archer acquisition). The Office of Risk Management set a goal to clean up those 30,000 files by the end of the year. Archer was already being used within EMC and the team believed that somehow the Archer framework could be of assistance.
But 30,00 files in less than two months? That's an aggressive goal. Fortunately the Varonis tool was already being used in-house as well. This tool was able to analyze who had been accessing these files and conclude that the files were collectively owned by 1,200 different users. The output of Varonis was used as input into the Archer framework (I learned that one of the strengths of Archer is its ability to import a variety of different data formats through a drag and drop interface, no API integration required).
Once the 1,200 users were identified, Archer's questionnaire functionality was used to survey the owners about their files and educate them on EMC's file management policies. Within a month, 90% of the questionnaires were complete, and many of the owners simply removed offending files. Out of the 1,200 users, only 150 responded that they had to retain the data that was in their files.
Therefore 30,000 files had been whittled down to 1200 users with Varonis, and 1200 users were whittled down to 150 users with Archer. Archer was then used to close the loop on the rest of the files by tracking the encryption (or removal) of sensitive information. The team was successful, and the Archer framework "remembered" the whole process (valuable proof that the corporation is vigilant in complying with corporate and/or legal policies).
All of the "programming" required to perform this governance was mainly drag and drop user interfaces. During the day I saw a demonstration of the new Archer 5.0 functionality and witnessed firsthand how the dashboard-style interface can be used by anyone to create workflows and results that map to top-level corporate policies.
Other customers had similar stories, whether their use cases were IT-based or not. One presentation was given by Archer partner Approva. Approva does deep integration with popular corporate applications (e.g. SAP) and feeds the results into Archer, which then performs the necessary analysis across all applications in the enterprise to flag any violations.
I learned much by attending the event. I found out that EMC had been using Archer for 18 months before the acquisition, and the favorable deployment of the software no doubt contributed to the decision to acquire. I also found out that EMC has moved into a market that is not necessarily about the movement, flow, storage, and protection of digital information. This adjacent market is a great place to be.
Steve
Twitter: @SteveTodd
Comments