Sun Microsystems has launched new software to help firms automate the process of access control compliance, along with a new governance, risk and compliance (GRC) strategy intended to support firms' identity management programmes.

Its new Role Manager includes features which ensure users' actions are in keeping with their job roles. These include analysis and reporting on role changes, continuous monitoring for segregation of duties and automation of identity-based controls, according to the vendor. Role Manager is essentially the rebranded version of the RBACx product from identity compliance firm Vaau which Sun recently acquired.

Sun's GRC offerings are designed to help firms better manage identities and compliance. "Governance, risk and compliance are no longer just IT issues. GRC is also a boardroom issue," said Sun vice president Mark Herring in a statement.

Roles-based identity management is becoming increasingly popular among large enterprises looking to mitigate the risk from insider threats, whether malicious or accidental, according to Brian Contos, chief security officer of security and compliance firm ArcSight.

"There has been a huge migration from watching the IP addresses to monitoring specific people and how they interact with their critical assets," he explained. "Customers have been coming to us saying it's a big problem [which ties into] corporate governance and risk."

Sun said it plans to further expand its portfolio of identity management products over the next 12 months with new additions in the areas of access management, federation, web services security and auditing.