By Rajesh Raman, Vice President/Zaplet, MetricStream
Imagine a workshop full of tools: hammers, wrenches and screwdrivers. These simple tools can be used on a variety of materials: wood, brick, polymer and so on. But are these basic tools the best choice, and are they enough, for all materials and all projects? No, some projects require more specialized tools.
In the same way, an all-purpose Platform-as-a-Service (PaaS) is fine for building general applications from the ground up, but specialized areas demand a different and more specialized set of tools. “Enterprise PaaS” offerings are purpose-built platforms for a class of applications, and provide the fundamental functions and intelligent building blocks to meet the needs of that class of applications. Salesforce.com is an example of Enterprise PaaS in the customer relationship management (CRM) space.
There’s a reason companies have begun adopting Enterprise PaaS solutions: they enable rapid development and deployment of domain-specific applications that meet their unique needs and characteristics. In addition, it becomes possible to create a wide range of applications that share data and work together in a more seamless and integrated manner than ever before. These applications can be tailored to a specific company’s needs, such as compliance with company-specific policies or unique industry regulations.
Enterprise platforms have matured, bringing a vast amount of specialized and real-world expertise into their particular spaces. For example, in the Governance, Risk, and Compliance (GRC) space, many governance and operational nuances (e.g., risk and issue management, audit) cut across various domains and functions. A GRC Enterprise platform leverages years of global GRC expertise and provides an established set of core functional and data objects, database schemas, forms and workflows that become the basic building blocks on which new applications can be developed.
When it comes to Governance, Risk, and Compliance, there is no one-size-fits-all approach. For example, mid-tier banks face challenges in risk management similar to what the big banks face, but there are subtle variations. Companies of all sizes and industries are increasingly leveraging applications that are built on top of a flexible GRC platform. This approach helps address the unique requirements of mid-tier banks with very targeted applications. For example, a mid-tier bank using a GRC platform-enabled Risk Management App can easily extend and integrate that application with others for audit, policy management, and third-party vendor management, especially as the company’s needs and requirements evolve.
Another example is a company that has leveraged a GRC platform approach for incident management. Their “light-bulb moment” occurred when they realized it made more sense to do this from a mobile phone. Their Mobile Incident Management app leverages the sophisticated capabilities of the enterprise GRC platform, which can be accessed seamlessly and in real time over the interface of a mobile phone.
The real benefit of an Enterprise GRC platform is that the new leverages the old. A platform approach provides a way to cross-leverage intelligence across applications, and also offers a more integrated and unified end-to-end view. This robust and highly flexible model has proven to offer a clear value proposition to the market.
Enterprise platforms also open up opportunities for partners who want to leverage their expertise in some area and monetize it. For example, a company may be considered an expert in energy regulations (e.g. NERC/CIP), but simply cannot deliver its expertise to everyone on a one-on-one basis. It needs a platform on which to build a custom application for this market that can be scaled and delivered to a larger customer base. In this case, the company built its own application on top of the GRC platform that it can sell to its customers. This has become a great way for organizations to build and sell apps, provide the market with real value and also provide the organization with a new revenue stream.
As I mentioned above, Salesforce.com is a cloud-based platform-as-a-service in the CRM space. MetricStream’s Zaplet is similar for the GRC space. Zaplet allows partners and customers of MetricStream to build their own targeted GRC applications, either by extending core functions or adding specialized content, thus creating a thriving ecosystem of hundreds of thousands of business applications.
Zaplet PaaS provides rich development tools, such that a user rarely needs to write additional code. The company can say: “we want to use this data object,” or “we want to extend that attribute,” and then they can build a workflow, create a custom form, and as simple as that, they have a new application that can help them successfully solve their specific GRC problem.
The challenges for Enterprise PaaS are similar to those for general-purpose PaaS, namely: scalability, security and availability. For this reason, enterprise platform providers need to have excellent data centres, which have sophisticated access control and security architecture; expert ways of securing data; and proper segregation of multiple customers’ data.
Another challenge for enterprise platforms is how to make the development tool rich enough, with everything that business users will need—and yet make it simple, intuitive and easy to use, such that no programming training is required.
A GRC platform approach is viewed as the solution, making available all of the building blocks needed for GRC application development: compliance, risk, audit, issue management, third-party management, reporting, dashboard, workflows, data functional objects and more.
This post originally appeared on CloudTweaks.