Recently I complained about the insufficient use of existing technologies. But there are some out there who do a better job. Sailpoint is one of these vendors. They are, together with some few others like Aveksa, in the process of establishing the new market segment of "Identity Risk Management". That is a discipline within GRC which deals specifically with risks which are in some way or another identity-related - which are most of the risks, by the way. It's about answering questions like "who is allowed to do what", but in detail and not only high-level. And with a high degree of automation.

And they do it by using Business Intelligence and Data Warehouse technologies.  Thus, they don't reinvent something on a lower level but make use of existing technologies. The result is an appealing application which obviously is build on some strong kernel of technology.

Another interesting thing about Sailpoint is that there are several well-known guys from the IAM market - some of the founders and early employees of Waveset are no part of Sailpoint. That obviously means that they understand a lot about Identity Management and that they also understand what the customers need beyond provisioning.

Thus, having a look at companies like Sailpoint and Aveksa and the entire new descipline of Identity Risk Management is a must. And, no surprise: Identity Risk Management will be an important topic at our European Identity Conference 2008.