Saturday, 1 February 2014

Active Directory, Compliance and Identity: Preface


During my years as a consultant I have often faced the challenges of customers having problems communicating internally, especially between the department responsible for running the internal infrastructure and the rest of the company. Often this is an outcome of an unwillingness to speak the same language, as well as a lack of the capability to actually translate IT-related terms into business terms and have them make sense.

Sometimes I sense that IT people use complex terminology to hide their own shortcomings in understanding the business needs and also from time to time, their ability to actually manage the systems installed in the most beneficial way from a business perspective.

As long as non-IT departments don't depend on IT for their core business this is manageable and everything is kind of peaceful, but as soon as dependencies start to really show, so do the problems. When the business starts to question the actual cost and efficiency provided by IT, words like "It's Complicated" aren't good enough any more.

Starting back in the late 1990s Microsoft released Active Directory to provide an enhanced capability not only to manage larger but also more complex environments, giving us "geeks" the possibilities to start "integrating" surrounding systems using industry-standard LDAP (Lightweight Directory Access Protocol).

In the early 2000s corrupt business people caused us to add controls and regulations to our financial systems, and since all those systems were already digitalized by that point in time, the effect on IT in general was to straighten up and add more security, along with the capability to audit and trace all changes to financial systems and their transactions.

Starting around 2005 we realized we had so many IT systems that our users were spending a huge amount of time just trying to authenticate to different systems before even being able to perform their actual work, which kicked off the Identity Integration boom for real.

Add to this Virtualization, Cloud Services and full-blown Identity Management solutions hitting us during the last 5-6 years and the conclusion is clear: we have gone from "IT-simplicity" using a few interconnected systems to "Business-simplicity" using a huge amount of semi-interconnected systems, causing "IT-complexity".

Here we stand today, with an even bigger need for communication between the IT department and the other departments like HR, Economy, Sales and various Production units. We have also reached a new level of IT maturity within the non-IT departments at most companies, making the phrase "It's Complicated" an obsolete answer when communicating between IT Admins and Business.

In this Blog Series I will provide my view on how you could move away from a non-managed AD, with gaps in Compliance and a lack of simplicity in the Management of multiple Authentication Services, to a system interconnecting all your business systems with the heart of your infrastructure, Active Directory.

The series will contain the following parts, with a lot of separate posts on every topic:
1. Cleaning up and stabilizing your existing Active Directory
2. Disaster Recovery planning and Resilience
3. Adding Compliance and Security
4. Connecting External Systems and Directories to Active Directory
5. Identity Management beyond the New User Portal

Stay tuned, enjoy and remember: A fool with a tool is still a fool.