Monday, February 15, 2010

Identity Management and GRC: The Analogy

I find it interesting how IdM implementations are no longer considered to be "complete" without considering the inclusion of GRC applications. Recent architecture discussions I've been in always seem to include mention of how the two applications should interact. It was not all that long ago that GRC was considered to be unhelpful in promoting security.

In discussions with other IdM and IT Security folks, the general consensus seems to be that IdM solutions should supply the provisioning "muscle" that carries out the action and sends feedback along the workflow-based "nervous system" to the GRC "brain," which decides what action should be taken and records it in memory.

I find this analogy to be quite helpful when describing the roles (sorry for the pun) each application should take in the overall IT Security Architecture.

However, the questions do not end here. It will be interesting to watch over the next months and years to see if IdM becomes a subset of GRC or vice versa. What are the advantages? What are the disadvantages? How will SaaS affect these changes? Hopefully product announcements, briefings and real-world experience will answer these questions soon.

