The portal represents a nice piece of (buzzword alert!) “synergy” between Prevalent and the Symantec’s Control Compliance Suite.
Prevalent, which specializes in governance, risk and compliance, saw a real demand from customers who needed to see all the compliance policies across their various business units and departments said Jonathan Dambrot, managing partner of the Warren, N.J.-based VAR.
Often, even the chief security officer (CSO) of a company has no idea where all the policies are, Dambrot said. These policies get published to divisions but in many cases that policy won’t comply with overall corporate policies and no one is checking them against those corporate policies, he said. What these companies need is something that will integrate with the company intranet and let people look across all the policy silos.
Towards that end, the Prevalent Policy Portal (or PPP) sits atop Symantec CCS, tying into its underlying database structures so users can see what’s there. It adds a hierarchical view of those policies over and above what CCS itself offers. Over time it will also aggregate policies wherever they reside in the company–perhaps in SharePoint or other repositories, Dambrot said.
VARs like Prevalent have long straddled the increasingly murky line seperating software resellers and ISVs. Most software VARs already do some degree of customization of the packages they sell or outright application development for customers.
So what’s the attraction?
Recurring revenue, for one thing. Dambrot would not specify exact pricing but said maintenance on the software would be 20% to 30% of purchase price. And that’s on going revenue.
Prevalent got its portal idea because of what it saw in customer accounts.
“We were doing a pretty large RFP around compliance and the issue was the CFO and the CSO couldn’t see all their policies. They started looking at products from Symantec, Archer and other players and did an analysis. They liked all the players but from the end-user perspective, they couldn’t search across the various policy silos,” Dambrot said.
This, it turns out, is a pretty common problem. “CSOs have no idea where all the policies are. They get published to their divisions but in many cases they don’t comply wiht overall corporate policies and no one is checking them against those corporate policies.”
Likewise, an end user in one department cannot measure the policies that govern his group vs. higher-level corporate or other department policies. The PPP will help give these constituencies the full view of their policies
Prevalent–and potentially other VARs with compliance expertise–will sell the add-on into Symantec CCS shops.