Skip navigation
All Places > Products > RSA Archer Suite > Blog > 2017 > July

For the fourth consecutive report, Dell (RSA) has been named a Leader in Gartner’s Magic Quadrant (MQ) for Business Continuity Management Program Solutions (BCMP)!


Of note, RSA Archer has again been named a Leader in Gartner Magic Quadrants for Operational Risk Management, IT Vendor Risk Management, and IT Risk Management.


In the BCMP MQ, Gartner states that, “the 2017 BCMP solutions market — with an estimated $300 million global market revenue — has broadened its IT disaster recovery management, crisis management and risk management capabilities since 2016.” 2.  They go on to say that, “the critical capabilities of BCMP solutions center on providing business leaders with a more effective means of evaluating operational risks and business impacts, as well as planning for, responding to, recovering from, and restoring after a business disruption.” 2.  And we couldn’t agree more.  BCM continues to evolve as a critical function that must focus on managing business risk and IT risk, covering the lifecycle from resiliency planning to execution, and providing management with information to make decisions based on real business impacts.  Also, as implied in the name change for this Magic Quadrant, from “Planning” to “Program” solutions, BCM teams now play a larger part in the organization’s risk mission and must run their BCM programs accordingly to support this increased responsibility.


We believe that an important factor in RSA’s placement as a Leader was based on our ability to leverage risk throughout the platform and solutions; especially critical in light of Gartner’s emphasis that BCM is an important contributor to risk management.


We extend our gratitude to our customers for sharing their valuable insights and experiences with Gartner. For as long as the RSA Archer product roadmap and capabilities have existed, our community of active and enthusiastic users has been at the heart of it all, and we thank you.







This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Dell RSA.


Figure 1. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


2. Magic Quadrant for Business Continuity Management Program Solutions, Worldwide. Published: 12 July 2017. Analyst(s): Roberta J. Witty, Mark Thomas Jaggers

With today’s ever growing threat landscape, the volume, sophistication, and potential damages of attacks is increasing. It is becoming increasingly harder to stop attackers from entering your system networks, isolating their motives, and most importantly removing them once they are there.  A typical security environment uses multiple disconnected technologies, supplying an immense amount of information.  Prioritizing a specific piece of data is important to responding quickly to attacks.  At a higher level, however, there is a need to understand if the security strategy is really effective for the business.  In summation, businesses need to change their security strategies.


The solution?  RSA provides a top down approach strategically linking business risk management with security events and priorities

  • Make security teams operationally more impactful
  • Strategically manage business risk

By bringing different practices together, linking security incidents with business context allows security teams to respond faster to protect what matters most.

The RSA suite of tools

  • Keeps the bad actors out, but allows entry to those that have legitimate need to easily access the system
  • Enables visibility and analytics to view the big picture to provide insights into specific attacks
  • Provides business context linked to contextual intelligence for a more informed approach
  • which can then be translated into action

The video in this eLearning discusses how RSA’s tools provide both the detailed information linked to the business context to protect the most sensitive assets.

We know you really want to join the more than 2,000 security, risk and compliance professionals at the premier Business-Driven Security event, RSA Charge 2017, Oct. 17-19 in Dallas. Now you have one final, limited opportunity to enjoy a $300 savings with our ‘throwback’ to the Early Bird Discount Rate of $645.


This is your opportunity to network with RSA customers, partners, and industry experts while discovering how to implement a Business-Driven Security strategy in an increasingly uncertain high-risk world.


Use the Throwback Thursday code 87CTHRWBCKJUL and save $300 on your attendee pass.


Need a little more convincing, in addition to the $300 savings? Well, we have this covered too!


Check out our latest Keynote Lineup, including

  • Marc Goodman, Global Security Advisor, and Futurist will explain how to cultivate informed workforce to create a human firewall, in what promises to be a highly engaging and humorous keynote presentation


Sneak Peek at our Upcoming Agenda of robust programming you can expect at RSA Charge 2017. Tracks include:

  • Taking Command of Your Risk Management Journey
  • Transforming Compliance
  • Managing Technology Risk in Your Business
  • Inspiring Everyone to Own Risk
  • Detecting and Responding to Threats That Matter
  • Secrets of the SOC
  • Identity and Access Assurance
  • Reducing Fraud, While Not Reducing Customers
  • RSA Archer Technical
  • RSA Archer Technical, Advanced


Don’t miss out on your chance to attend RSA Charge 2017 with the limited ‘Throwback Thursday’ event. Use code 87CTHRWBCKJUL to register.


Discount code expires Thursday, July 27, 2017, at 11:59 PM PST. Offer cannot be combined with any other promotional code.


For the third time in a row Dell RSA Archer is very excited and honored to be recognized by Gartner as a Leader in the 2017 Magic Quadrant for IT Risk Management!!


2017 Gartner Magic Quadrant - IT Risk Management

RSA Archer (Dell Technologies) was positioned as the IT Risk Management vendor with the highest rating for "Ability to Execute." We believe our understanding of the market, product innovation, and geographic reach are just a few of the highlights that earned us this well received recognition this year.


We humbly extend our sincerest gratitude to our customers for sharing their valuable insights and experiences working with RSA Archer with Gartner directly. While it isn't difficult to find vendors talking about the importance of their customers, here at RSA Archer our customers really do define our success. Our large, recognized community of active users is at the heart of how we drive our products forward.


Whether you're just beginning to explore GRC or you’re already managing a successful program, I encourage you to review Gartner's full report. Many valuable market insights can be found, along with important things to consider as you prepare to take command of your GRC journey.


Need help building a business case? Check out resources on the RSA Link Community for detailing the business value of RSA Archer and estimating ROI. We're also standing by, ready to answer your questions as we continue our mission to enable customers to know which risks are worth taking.


This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Dell Technologies.

Results of a recent Deloitte global survey on third party governance and risk management found that "87% of respondents have faced a disruptive incident with third parties in the last 2-3 years, of which 28% faced major disruption and 11% experienced a complete third party failure."


Clearly, the significance of third parties in business today – and the risk that comes with it -- can’t be overstated. With growing reliance on third parties and outside vendors in all aspects of business, now more than ever, organizations need the right tools to help them properly manage these critical relationships.


It is against this backdrop that we are pleased to announce that Gartner has named Dell RSA Archer as a Leader in the 2017 Gartner Magic Quadrant for IT Vendor Risk Management – the third consecutive time for this designation. The report evaluates and compares IT VRM software vendors with respect to competitive buying criteria.



We believe Gartner has once again recognized RSA Archer as a Leader in the IT VRM market based on the robust feature set of our solution and the configurability and workflow options our platform provides customers. We also think Gartner understands our use case approach that allows customers to deploy our solutions based on their current and expected levels of maturity without unnecessary overinvestment or complexity.

We’d like to sincerely thank our customers who participated in Gartner's assessment this year.  We know you are very busy, but your feedback is invaluable in helping to inform others of your experience with RSA Archer.


Please contact us if you would like additional information regarding any of our solutions, including RSA Archer Third Party governance. If you would like to receive a copy of the Gartner Magic Quadrant for IT VRM, click here.


This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Dell RSA.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose

I’m dating myself here, but I used to love to watch the Andy Griffith Show. I liked Andy’s calm demeanor as he tried to raise his son Opie while dealing with Barney Fife, his neurotic sidekick. I especially enjoyed this exchange between the two of them as they discussed raising kids:


Barney:  Well, today's eight-year-olds are tomorrow's teenagers. I say this calls for action and now. Nip it in the bud. First sign of youngsters going wrong, you've got to nip it in the bud.

Andy:  I'm going to have a talk with them. What else do you want me to do?

Barney:  Well, don't just mollycoddle them.

Andy:  I won't.

Barney:  Nip it. You go read any book you want on the subject of child discipline and you'll find every one of them is in favor of bud-nipping.


Nip it in the bud. In other words, deal with issues promptly and don’t let them linger. (Having raised a child or two, I’ll add the need for fair rules, love, and consistent treatment relative to the child and their behavior.)   This bud-nipping does help to some extent as younger kids turn into teenagers, but you still get that kid that’s just an unpredictable tsunami regardless.  However, for the most part it helps to have a plan with the younger ones so that when they get older the tsunamis aren’t devastating.


Apply this to incident management versus crisis management: incidents are like young kids and crisis events are like teenagers.  Incidents are typically small events that routinely occur in running an organization.  They could be safety-related, employee-related, or a manufacturing incident, depending on the type of organization. They’re usually not a big deal and are resolved fairly easily. Crises, on the other hand, are incidents that have gotten out of control. They’re bigger and oftentimes very nasty. Each crisis is unique, so we may not have all the details or information at the time on how to deal with them.


My point? Organizations need to spend more time putting solid incident management procedures in place – “bud-nipping” if you will -- to reduce the likelihood that incidents turn into crises. Here are three ways to do that:


  1. Keep it simple and consistent. Have a simple and consistent process for dealing with incidents. Make the process simple because on top of normal resolution procedures, you will also have unique incident types that will require different steps to resolve them. Simple incident resolution processes are more consistent and can be applied the same way. Simplicity also helps people better understand their roles in dealing with incidents.
  2. It takes a village. Just as the adage says “it takes a village to raise a child,” it also takes a village to handle incidents – and even more so if and when they become crisis events. Make sure your process for dealing with incidents includes the appropriate people, depending on the incident type. For example, if the incident is employee-related, include human resources. If the incident could result in public exposure, involve your public relations experts. And include them as needed, but sooner than later, which leads to my last point.
  3. Act quickly and early. If you’re going to make an assumption about incidents in general, assume any one incident has the potential to turn into a crisis and treat them accordingly. Some incidents are just a normal part of doing business, while others are more complex or subjective. For both types, keep in mind that an ounce of prevention is worth a pound of cure. Act quickly and early to resolve them.


Now, having said this, there will still be those incidents that turn into full-scale crisis events -- just like regardless of doing all we can to raise well-behaved kids, those unruly teenagers can still pop up from time to time. You must have plans to deal with crises, too, but that’s the subject of another blog, or a book or two. The main point I wanted to make today, similar to Barney Fife’s approach to “nip it in the bud”, is to treat incidents that occur in the normal course of business seriously.  Deal with them promptly and involve the right participants.  For more interesting conversation, email me at



Calling all RSA Archer customers!! RSA Charge 2017 (Dallas, TX, Oct. 17-19, 2017) will be here before you know it -- and NOW is the time to submit your nomination for the RSA Archer Awards.


This year, we will once again honor organizations that are implementing RSA Archer governance, risk, and compliance (GRC) solutions in innovative ways. The awards recognize customers that are building cutting-edge use cases and integrations using RSA Archer to support process automation, collaboration and reporting.


This year’s awards categories include:

  • Innovation Award
  • Return on Investment Award
  • Community Advocate Award
  • Excellence Awards


We invite and encourage all RSA Archer customers to submit an award nomination for their organization in any of these award categories. Simply download and complete the nomination form and tell us about your organization's approach to solving GRC challenges. Then email your completed nomination form to The deadline is Monday, July 24, 2017!


If you have any questions regarding your submission, please contact your field sales and/or existing accounts manager.


We look forward to receiving your submissions. And good luck to all!

Following on a series of high-profile accolades, RSA Archer was recently recognized with two OperationalRisk Awards: Best Overall Provider of the Year Award; and Best Cyber Risk / Security Product Award.  These two awards represent an acknowledgment of the ongoing importance of cyber risk management within an overall operational risk management program and RSA Archer’s leadership as a business risk management solution.     


The RSA Archer Suite enables organizations to manage the breadth of operational risks that exist today.  As it relates to information security, in particular, the RSA Archer Suite helps organizations understand what information is important to protect, where it is located within the organization, the risk it poses, the risk treatments in place to mitigate and transfer risk, the means to document control design and effectiveness tests, manage policies, enforce accountability for outstanding issues, and enable collaboration between IT and the rest of the organization, transforming traditional technical discussions of cyber security into a Business Driven Security discussion.

When announcing these awards the publisher stated:

“The [RSA Archer] system has not only proven itself to be reliable and insightful, according to users, but it has also made the monitoring and control of cyber risk accessible to users across the enterprise, from non-security functions to the CISO. Sitting within the broader RSA Archer governance, risk and compliance platform, the system can be used to identify threats that may harm the entire enterprise.

‘Business continuity manages their risk. Compliance and control evaluations manage their risk. RSA Archer has enhanced our ability to bring these areas together, and we’re finding that linking business continuity to security and to vendor risk provides a more comprehensive risk picture,’ explains one user.

Whilst comprehensive, RSA Archer has also proven flexible in its application, so that institutions’ risk management frameworks have not had to be reconfigured in order to accommodate the platform. By avoiding a prescriptive approach, the system has even been accessible to firms with well-established methodologies.

Judges recognized RSA’s flexibility as well as the technical capabilities of the platform.”

We couldn’t be more pleased.  These awards provide validation that we are bringing the best solutions to market to fulfill the business needs of our customers; and our customers can be confident that they are using the best solution to address their problems around information security governance and operational risk management.

Full Story

RSA Charge 2017’s ‘Call for Speakers’ resulted in an unprecedented number of abstract submissions across all RSA product solutions – RSA Archer Suite, RSA NetWitness Suite, RSA SecurID Suite (including RSA Identity Governance & Lifecycle), and RSA Fraud & Risk Intelligence. The submissions from RSA customers and partners included the sharing of first-hand knowledge, advice, ideas, experiences, case studies, and even war stories that submitters wanted to share with their RSA product peers at the Charge event in October.


Though the RSA Charge Program Selection Committee is thrilled by the high caliber of submissions, the Committee now faces the hard task of whittling down the list of submissions to 100 across all RSA products. Though no final decisions have yet been made, the Committee noticed that there were many submissions that had similar titles and themes, so they decided to allow you the opportunity ‘voice your choice’ from a small, random subset from the abstracts received.


And, for the first time, with a registered RSA Link account, you can vote on Tracks across the entire RSA product portfolio. That’s right, you can vote on any of the product Tracks listed, but you can only vote once ‘per abstract.’


So let your voice be heard - this is your chance to 'vote your choice' and have a say in this year's RSA Charge 2017 Agenda. To vote, simply click on the Proposal Abstracts and cast your vote across all RSA Product Tracks.


Thank you for the amazing ‘Call for Speakers’ submissions for RSA Charge 2017 – it’s going to be an event you will not want to miss. If you haven’t registered for RSA Charge 2017, be sure to do so today!  


Filter Blog

By date: By tag: