From: Information Security Solutions Review By Ben Canner
The editors at Solutions Review highlight what’s changed since the last iteration of Gartner’s Magic Quadrant for IT Risk Management and provide analysis of the report.
Technology research giant Gartner, Inc. recently released the 2020 Gartner Magic Quadrant for IT Risk Management. You can download it here. Gartner researchers define IT Risk Management (ITRM) as “software and services that operationalize the risk management life cycle in context of the organization’s mission. ITRM solutions are deployed to establish a central hub that facilitates business-related decision making and risk management.”
Additionally, in their definition, Gartner defines ITRM solutions by their ability to facilitate risk workflows, aggregate risk-related data, design logic to enable risk prioritization, and provision mapped regulatory content and compliance mandates.
Moreover, researchers predict that by 2025 half of all midsize and large businesses shall use risk management to aggregate digital risks. Additionally, they anticipate the evolution of risk management to monitor and aggregate data from social media and IoT environments.
In the 2020 Gartner Magic Quadrant for IT Risk Management, researchers evaluate the strengths and weaknesses of the providers it considers most significant in the marketplace. Then, it provides readers with a graph (the eponymous Magic Quadrant) plotting the vendors based on their ability to execute (Y-Axis) and their completeness of vision (X-Axis). The graph is divided into four quadrants: Niche Players, Challengers, Visionaries, and Leaders. At Solutions Review, we read the report, available here, and pulled out the key takeaways.
Gartner named 15 vendors to the ITRM Magic Quadrant in 2020: Allgress, Galvanize, IBM, LogicManager, MetricStream, NAVEX Global, OneTrust, Reciprocity, Resolver, Riskonnect, RSA, SAI Global, ServiceNow, SureCloud, and TechDemocracy. While Gartner changes its inclusion criteria every year for all of its Magic Quadrants, no vendors were dropped from the previous iteration. Instead, OneTrust, Reciprocity, Riskonnect, SureCloud, and TechDemocracy all earned inclusion in the 2020 report.
Overall, vendors charted in the 2020 Magic Quadrant clustered closer together than in the last iteration, mostly along the line separating Challengers from Leaders. Also, it feels far more populated due to the five new vendors included in this iteration. Further, the movements of the vendors leaves the Visionaries quadrant vacant, whereas in 2019 three vendors appeared there.
Let’s take a closer look.
In the Niche Player quadrant, we find TechDemocracy, Riskonnect, Resolver, and OneTrust. Of these four, three of them appear in the report for the first time; only Resolver appeared in the last Magic Quadrant, having moved significantly to the left from the Visionaries Quadrant.
Gartner praises TechDemocracy for its risk visibility and executive dashboarding and Riskonnect for its predictive modeling capabilities. Resolver garners interest for its R&D efforts focusing on vertical specific and risk category prioritization Meanwhile, OneTrust’s strengths include its extensive information mapping.
In the Challengers section, we find Allgress, SureCloud, SAI Global, Reciprocity, and LogicManager. SureCloud and Reciprocity appear in the 2020 Gartner Magic Quadrant for IT Risk Management as first time inclusions. The other three vendors appeared in the Challengers quadrant in the previous iteration, all of whom moved either significantly (Allgress, LogicManager) or minimally (SAI Global) to the right; this puts them closer to crossing the line into the Leaders Quadrant.
Allgress impressed researchers with its extensive compliance capabilities. SureCloud gained its position in part from its diverse risk assessment approaches. Meanwhile, SAI Global is lauded for its providing risk and control assessments, compliance tracking, and continuous controls monitoring. Reciprocity receives notice for its data isolation, region locking, and file management capabilities among others. LogicManager is singled out for its customer experience.
Finally, in the Leaders Quadrant, we find ServiceNow, Galvanize, RSA, NAVEX Global, IBM, and MetricStream. ServiceNow crossed into the Leaders from the Challengers section, whereas RSA moved significantly down but also to the right off the line between Challenger and Leader quadrants. IBM moved down and to the left, closer to the Visionaries section. Galvanize made small movements up and to the right, also leaving the line between the two upper sections. MetricStream moved up from the Visionaries quadrant, as well as moderately to the right, while NAVEX Global (which acquired LockPath) also rose from the Visionaries but moved somewhat more left closer to the Challengers.
NAVEX Global, using LockPath as its ITRM platform, garners attention for its implementation services. Researchers note RSA’s on-premise delivery model. Galvanize’s strengths include analytics and reporting capabilities and FedRAMP Authorization. IBM’s product strategy and portfolio garners praise. MetricStream is lauded for its cybersecurity risk management capabilities, with a roadmap focused on cyber-risk quantification. ServiceNow made the Leaders section for its product functionality, performance and roadmap.