EMC Corporation today announced that it has signed a definitive agreement to acquire Kansas-based Archer Technologies, a privately held provider of governance, risk and compliance (GRC) software. The acquisition will build upon EMC’s expertise and leadership in helping customers better visualise and manage risk throughout their IT infrastructure. EMC’s acquisition of Archer is expected to close in Q1 2010, subject to customary closing conditions. The transaction is not expected to have a material impact to revenue or EPS for the full 2010 fiscal year.

The combination of Archer with technologies for information risk management and information security from EMC’s RSA Security Division will significantly extend EMC’s powerful solutions portfolio for visualising and managing risk, enabling customers to automate GRC visibility and policy enforcement across both physical and virtualised IT environments. Archer will remain in Overland Park, Kansas upon completion of the acquisition and operate as a part of RSA, the Security Division of EMC.

“Traditional security management focuses primarily on addressing technology issues, but our customers are telling us that their real challenges are in the areas of policy management, audit and compliance,” said Art Coviello, president, RSA, the Security Division of EMC. “You can’t manage what you can’t see. The Archer solution not only offers the visibility into risk and compliance that customers need, it brings stronger policy management capabilities to the RSA portfolio. The end result is customers are able to better manage their security programs and prove compliance across both physical and virtual infrastructures, and effectively communicate to the business.”

With more than six million licensed users and a client list that already includes 25 of the Fortune 100, Archer delivers automated, integrated and sustainable GRC solutions for managing the lifecycle of corporate policies and objectives, analysing and managing business risks, and demonstrating compliance. Archer’s out of the box solutions, including Policy, Risk, Compliance, Enterprise, Incident, Vendor, Threat, Business Continuity, and Audit Management, are built on the flexible Archer SmartSuite Framework, allowing clients to tailor the solutions according to their unique requirements. Whether deployed on premise or via Archer’s SaaS model, the framework has become a go to GRC platform for many global organisations.

Archer’s technology, coupled with RSA’s solutions for data loss prevention (DLP) and security information and event management (SIEM), will provide customers with a broader set of IT-GRC solutions, ranging from policy orchestration and powerful security controls through real-time security event management and remediation. Archer’s technology will also benefit from complementary solutions such as EMC Ionix, helping customers automate IT configuration change and compliance across server, network, and storage environments – both physical and virtual. “Putting the resources of EMC and its RSA Security Division behind us will bring tremendous leverage to our technology development, customer support, partner ecosystem and go to market capabilities,” said Jon Darbyshire, CEO of Archer Technologies. “We are in 25 percent of the Fortune 100 companies today, but EMC’s customers include nearly 100 percent of them. With EMC’s global reach, we will gain the scale we need to expand our market penetration while continuing our strong tradition of customer-driven innovation.”

“With Archer, we can also make information security a more integrated element of overall IT-GRC efforts,” added Coviello. “We can help customers unify their visibility and processes across security, business continuity, configuration management and a range of broader IT compliance tasks.”

According to an independent February 2009 Forrester Research, Inc. report titled The GRC Technology Puzzle: Getting All The Pieces To Fit, “Organisations that better coordinate their governance, risk, and compliance processes have the potential to reduce the cost of audits, streamline compliance reporting, identify and mitigate risks, and deliver insight for more informed strategic decisions. While organisations can achieve many of these benefits without investing in new technologies, software often provides the foundation for efficiency, consistency, and repeatability required for continued GRC success.”

Archer will provide EMC with a flexible platform of broad enterprise GRC capabilities that will augment the security and governance, risk, and compliance capabilities of EMC Consulting, a line of business of EMC Global Services. These capabilities will be leveraged by Archer and EMC’s extensive partner ecosystems and be expanded over time.

“Operating in a cost-reduced environment amid a tough marketplace, with heightened governmental oversight and a promise of more regulations in 2010, poses significant challenges for today’s boards and management, who also face rising expectations from stakeholders” said Greg Bell, principal and global services leader for KPMG’s Information Protection practice. “It becomes more important for organisations to secure their business intelligence, manage enterprise risks, comply with regulatory standards and provide corporate oversight in a holistic fashion. The announcement by EMC and Archer indicates a continuing trend of service organisations joining to leverage their unique capabilities in a way that will help companies meet the challenges of today’s market.”