Last year was all about getting regulatory compliance into place so that your business could survive a compliance audit. This year, it’s about reducing the cost of compliance and/or increasing the productivity of your people involved in compliance issues.

As I mentioned last month, Compliance Management (which will be called different things by different vendors as they try to capture the most resonant potential buzz phrase) is the category that will be used to reduce cost and improve performance in this area.

<aside> I mentioned that I thought there were two companies in this niche – Aveksa and SailPoint – but my Network World colleague Jim Kobielus pointed out to me that it’s part of a larger category “…called Governance Risk and Compliance (GRC) Management. Some of the principal vendors in that space are OpenPages, Mega International, Bwise, CA, and SAP.” I stand corrected, and better informed.</aside>

My friends at SailPoint were on the phone last week to tell me about a recent survey they commissioned. Now I’m always a bit leery of surveys sponsored by vendors, and always insist on seeing the raw questions and data. And I can state unequivocally that this “Survey on Identity Compliance” conducted by the Ponemon Institute is one of the most thorough, vendor-neutral, and professionally conducted IT surveys I’ve ever seen. But don’t take my word for it, head over and get your own copy.

The big news (and there is lots of news) I found in the survey shows up in Table 14, on page 13:

-- What are the primary barriers to automating IAM [identity and access management] compliance in your environment?

* Our IAM data is too fragmented and difficult to automate 54%.

* We haven’t found the right tools to automate IAM compliance 47%.

* Responsibility for IAM compliance is dispersed among many groups 30%.

* Automating IAM compliance is not a priority 18%.

* We lack the expertise to implement automation 17%.

Fragmented data, inappropriate tools, fragmented responsibility, lack of expertise leading to low priority for implementation – a classic recipe for disaster. SailPoint hopes you’ll see that its ComplianceIQ product will help you overcome some of these problems by making it easier to identify compliance issues and solutions.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.