Recently the topic of compliance management and enforcement of compliance regulations in relation to identity management solutions has gained momentum.
Latest news about joint offerings from ARCOT and CA on their authentication and authorization products do imply that vendors are looking for ways to further increase the scope of issues they are able to address. On the other hand, CA has taken steps to reduce their own stack of software, as they are selling of the former "Silent Runner" technology acquired a few years ago, thus losing IP on deeper network analysis and correlation - a market field that had been pretty much lost to ArcSight, as CA´s Security Command Center never really was able to gain momentum.
Anyway, vendors are very much closing in to broaden their reach regarding GRC and real-time compliance/audit capabilities. I am pretty much looking forward to see those technologies up and running - so if you already decided to invest here, let me know!