The new generation of companies (like Twitter and Uber) goes from zero dollars to billions in five years, not 50. Enterprise software startups land bigger deals, faster, because they are more agile than their counterparts of 20 years ago and because they deliver their offerings via the cloud. All of them are getting hit with risk and compliance issues much earlier in the life of the company. Why?

20 years ago, when a vendor sold software, they handed the customer a CD, and the customer ran it on their own infrastructure. Nobody cared about the state of the vendor's internal house, and nobody cared much about compliance. Things were easy.

But 10-15 years ago the cloud started to rise. The world shifted to subscription models and logins, and the customer's data now lived on the vendor's systems. Suddenly enterprise customers started to care about the vendor's risks, because those risks were now their own, and about how vendors comply with the various security standards that govern that data (SOC 2, ISO 27001, etc.).

Over the past 5 years, an enterprise software vendor that wants to grow faster and sell to larger companies has needed to be SOC 2 compliant. A vendor that wants to sell to the U.S. government needs FedRAMP authorization. Before, it would take a vendor a decade to close those deals, if it ever did. Now it takes 18 months.

For these companies to survive, they must put resources toward risk and compliance. If they use the blunt tools of 20 years ago (spreadsheets, annual audits, and manual evidence gathering), they may be able to put their internal house in order, but they will also find that their business processes ossify and their agility erodes.

For these companies to thrive long into the future, they must treat these GRC (governance, risk, and compliance) projects like any other IT project, and apply their resources toward agile methodologies, techniques, and tools.

