On 4 January 2010, EMC announced that it plans to acquire privately held Archer Technologies, a software firm that focuses on IT governance, risk and compliance (GRC) management and enterprise GRC platforms. The acquisition was led by EMC's RSA division, which is responsible for IT security offerings. EMC did not disclose the terms of the deal, but said that it is expected to close during 1Q10.

This acquisition is mutually beneficial for EMC and Archer. The latter gains a powerful brand name and access to EMC's installed base. Archer's platform will enable EMC to provide a common policy and reporting integration layer to its many IT security and operations control products. With that integration, EMC — particularly the RSA division — can engage as a strategic IT GRC player. However, EMC will be challenged to maintain the independence of the Archer product line, which integrates data from many third parties, and also by continuing to develop Archer's enterprise GRC management capabilities.

Over the next year, EMC will focus its product development efforts on IT GRC, integrating RSA's IT security offerings and other EMC IT operations offerings, particularly EMC Ionix, with the Archer platform. Archer has competed aggressively in the enterprise GRC platform market, but it is not clear that EMC would embrace Archer's vision for that market and use it as a resource. While IT GRC is the immediate opportunity that EMC is seizing, Archer could create other opportunities for EMC in the GRC marketplace:

• Now that EMC has assembled e-discovery, e-mail archiving and records management offerings, it has the opportunity to apply the Archer platform for legal GRC use cases.
• Archer's vendor management and risk management modules could be useful to EMC customers that are managing risks of both data center operations and alternative IT services models, including cloud.
• Even though EMC's focus on VMware likely means reduced investment in Archer's visionary cloud developments, the Archer SmartSuite Framework, which is core to the Archer platform, is used by some customers as a platform as a service offering (PaaS) offering. This platform could complement EMC's cloud computing strategy.
• The Archer business continuity management planning module could complement EMC's IT disaster recovery consulting practice.

Current and prospective Archer customers:

• If you are focused on IT GRC, you will likely benefit from this acquisition; however, seek reassurance regarding continued support of third-party control product data sources.
• If you are currently using Archer for enterprise GRC, expect the same level of support; however, during 2010, be diligent in assessing the level of commitment that EMC places on enterprise GRC development.
• If you are evaluating Archer technology for legal GRC use cases, request specific commitments from EMC regarding any use cases that are not currently supported.

• "MarketScope for IT Governance, Risk and Compliance Management"— The IT GRC management market is in its early stages and rapidly growing as larger vendors begin to join the startups already participating. By Paul Proctor and Mark Nicolett
• "Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms"— The market for enterprise GRC platforms is evolving beyond its initial focus on regulatory compliance to encompass risk management, audit management and policy management. By French Caldwell and Tom Eid

(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)