Gartner Magic Quadrant 2021 for IT Risk Management


Solutions Review editors highlight what has changed since the last iteration of the Gartner Magic Quadrant for IT Risk Management and provide analysis for the new report.

Analyst house Gartner, Inc. released its 2021 Magic Quadrant for IT Risk Management. The researcher defines IT risk management (ITRM) as “software and services that operationalize the cyber risk and IT risk management lifecycle within the context of an organization’s mission”. These tools are implemented to establish a centralized hub that simplifies and facilitates the management of business risks. ITRM platforms help security and risk management (SRM) professionals manage cyber and IT risks for four common use cases: risk assessment and IT controls; regulatory, industry and policy compliance; cyber risk management; and integration with enterprise risk management.

Although ITRM tools are primarily used for the aforementioned use cases, US federal organizations often use ITRM products to meet current and future US federal compliance regulations for systems assessment and authorization. Additionally, key features of ITRM solutions include workflow management; data integrations and connectors; information, discovery and inventory of assets; user access; risk analysis; risk treatment life cycle; board and senior management reports; near real-time IT risk profiling; management of regulatory and policy content; threat and vulnerability management integrations; and incident management integrations.

The market for ITRM products is growing, with strong interest in stand-alone ITRM products and in ITRM use cases within integrated risk management (IRM) platforms or governance, risk and compliance (GRC) platforms, according to Gartner. The increased attention to cybersecurity has driven interest in cyber risk-specific ITRM features. Additionally, interest in ITRM initiatives is expected to continue due to cybersecurity and privacy mandates, as well as a digital, remote or hybrid business operating environment.

Gartner predicts that by 2023, 80% of organizations with formal risk management programs will use an ITRM product to manage their cyber and IT risks, up from 45% today. Additionally, the recent introduction of new vendors has disrupted the market, causing a shift towards cloud-centric ITRM deployments. For this reason, many ITRM vendors have slowly shifted to a SaaS-first offering. Going forward, Gartner expects ITRM vendors to incorporate machine learning capabilities into their products on a larger scale, including natural language processing, integrated chatbots, and suggestions based on previously provided evidence.

In this Magic Quadrant, Gartner assessed the strengths and weaknesses of 14 vendors it considers the most important in the market and provides readers with a graph (the Magic Quadrant) plotting vendors by their Ability to Execute and their Completeness of Vision. The graph is divided into four quadrants: niche players, challengers, visionaries, and leaders. At Solutions Review, we read the report, available here, and pulled out the main takeaways.

Gartner is adjusting its evaluation and inclusion criteria for the Magic Quadrants as software markets evolve. Although no vendors were added or removed, three vendors have changed their names from previous iterations of this report. Archer was renamed from RSA Archer to Archer, SAI360 was renamed from SAI Global to SAI360, and Diligent acquired Galvanize. Gartner also occasionally lists Honorable Mentions that do not meet the criteria for inclusion, but are of interest to their customers due to their open source approach and market dynamics. This year’s honorable mentions are Camms, CyberSaint and eramba.

Representative vendors for this year’s Magic Quadrant include Allgress, Archer, Diligent, IBM, LogicManager, MetricStream, NAVEX Global, OneTrust, Reciprocity, Riskonnect, SAI360, ServiceNow, SureCloud, and TechDemocracy.

The Leaders quadrant is the most densely populated this year, containing ServiceNow, Diligent, Archer, MetricStream, IBM, NAVEX Global and SAI360. ServiceNow is ranked number one for Ability to Execute. This status could be attributed to the vendor having one of the highest R&D budgets among the vendors assessed in this report. ServiceNow’s closest competitor in this quadrant is Diligent, which is one of only two vendors included in this Magic Quadrant with an Authority to Operate (ATO) for its platform. This meets a primary qualifying criterion in cloud service purchasing decisions for state and federal agencies.

Archer, MetricStream, and IBM are all tightly clustered in the Leaders quadrant. Archer sets itself apart with its workflow process designer, which offers ease of use in designing zero-code workflows, a modern user interface, and flexible actions or workflow nodes. MetricStream’s strength lies in its ability to constantly adapt and improve its roadmap in response to customer feedback and demand, as demonstrated by its investment in improving the user experience. IBM, for its part, claims the broadest geographical presence in this report and also has a strong product vision for machine learning and for risk management and compliance augmented by artificial intelligence.

SAI360 and NAVEX Global round out the leaders. SAI360 is located closest to the Y axis. This placement could be due to the vendor’s predefined solution tailored to small organizations’ IT risk management and cybersecurity program needs. NAVEX Global has been placed closest to the X axis. The vendor will focus on improving the user experience by making improvements to the user interface, evolving the automated workflow and adding online record editing capabilities.

This year’s challengers are all located near the Y axis of the chart, with OneTrust placed directly on the axis itself. OneTrust’s location could be attributed to its strong internal knowledge base, product design and experience. LogicManager achieved the highest Ability to Execute among the challengers. The vendor provides each client with a team of industry-based consulting analysts who work with the end user to implement the solution in line with business needs.

The other challengers in this year’s report are Reciprocity and SureCloud. In 2021 and 2022, Reciprocity is expected to continue expanding its benchmarking capabilities and platform to support third-party risk. SureCloud, offered exclusively through SaaS, is looking to revamp its platform to optimize performance and flexibility.

There are no visionaries listed this year, leaving only the niche players. Allgress is located closest to the X and Y axes in this quadrant. Its solution is mainly aimed at SMEs in finance, health, technology, and state or federal government. Allgress also offers a range of deployment options. TechDemocracy, also a niche player, has probably earned its status because it is one of the few products that focuses only on cyber risk management as a standalone product. Finally, Riskonnect offers RK GoLive!, which introduces two implementation options to facilitate deployment by focusing on best practice configuration or customer configuration.

Read the Gartner Magic Quadrant for IT Risk Management.

Tess Hanna