Series Spotlight: Revolutionizing GRC with 6clicks: Part 1 - Managing a Multi-Entity GRC Architecture with 6clicks Hub and Spoke
Manage episode 306620246 series 2394860
Welcome to this special podcast series, Series Spotlight: Revolutionizing GRC with 6clicks, sponsored by 6clicks. This week I visit with Joe Schorr, Vice President (VP) of Global Channel Sales, Andrew Robinson, co-founder and Chief Information Security Officer, Stephen Walter, head of Marketing, Dr. Heather Buker, Chief Technology Officer, and Ant Stevens, co-founder and Chief Executive Officer. Over the series, we will break down 6ckicks Hub and Spoke approach, utilizing Artificial Intelligence (AI) and Machine Learning in governance, risk and compliance (GRC), curating and maintaining a robust GRC content, producing audit ready reports, and look at what’s next for 6clicks down the road. In Part 1, I am joined by Joe Schorr on Managing a Multi-Entity GRC Architecture with 6clicks Hub and Spoke.
Schorr handles global channels, which encompasses service provider partners and technology partners and the traditional channel resale role. We turned to the ‘hub and spoke’ model which 6clicks advocates. He said that 6clicks pioneered the evolution from a multi-tenant or federated approach of GRC architecture to hub and spoke model. The difference is that in a multi-tenant or federated approach it is seen as much more vertical or up and down the chain. But the hub and spoke is “just like with airline travel, back in the old days of networking, where we had hubs, routers and switches and the computers all hooked to a hub.”
Moreover, the hub and spoke approach facilitates a GRC conversation with a wide variety of people. This could include compliance professionals, lawyers, other non-technical folks at the C-suite or executive level and certainly in the Board level and everywhere in between. It helps to define everyone’s role in the GRC and broader risk management process. Schorr said, “That’s beauty of it because you can craft it. For instance, in a Private Equity company with multiple portfolio companies, there is much sensitive information and, not everybody in every portfolio company needs to see what’s going on in every other portfolio company. This approach allows an organization to segregate all that data yet allows you the freedom to utilize the information you want to as access control is built into the architecture.”
We continued on the example of the private equity firm with multiple portfolio companies, which are sometimes in the same industry, but sometimes not. There is always a wide variety of data and disparate sources of data that you have to pull in. This disparate data has to be collected, in a manner that can be utilized by the private equity firm, the corporate office, whatever the hub might be. However, the stakeholders, corporate subsidiaries or portfolio companies at the end of the spoke might need that data to make tactical if not strategic decisions. Next, overlay reporting to senior management and then a Board of Directors, all in a changing regulatory environment. This hub and spoke architecture can be an incredibly powerful way to collect and utilize data. Schorr explained, “if you are hired to do a risk assessment against 200 portfolio companies, you have a massive set of risk data in all kinds of different things. You have collected data; you have interviews, you have done vulnerability scanning, you’ve done risk assessments, third party risk assessments, vendor assessments, everything you could possibly imagine. That is all rolled up collected somewhere and a bunch of smart people look at it and we’re all trying to grade it and do things manually and push it around. And at the end of the day, just like you said, this is really important.”
Join us tomorrow where we take up utilizing machine learning and AI in your GRC practice with Andrew Robinson, 6clicks co-founder and Chief Information and Security Officer.
For more information on 6clicks, check out their website here.