Consolidate Your Directories

The Traditional Approach to Provisioning

Most recently, Identity Management efforts have focused on 'provisioning' user account information to the systems that users need access to. This trend results in the propagation of sensitive identity information throughout the enterprise, which leads to...
  • the replication and redundancy of information, which leads to...
  • the inconsistency of information and administrative difficulties...
  • and ultimately, a compromised security model.
This all began with the 'provisioning push' towards connector-based solutions.  Now, organizations are realizing that, over time, these solutions have made the problem even worse.


The Problem Still Exists

Many enterprises have undertaken several efforts to provide centralized provisioning infrastructures capable of managing users. They claim that…
  • By using these tools and connectors things will be more ‘efficient and secure’.
  • By centralizing the ‘Administration’ of the data, they’ll have ‘more control’.
  • You’ll have better capabilities around auditing and compliance.

  • Still, over half of Identity provisioning projects fail on their first attempt.
  • The cost of implementing enterprise-wide user provisioning is high.
  • Implementation takes far too long.
  • ROI has simply not been proven.
While some projects have succeeded and provide various merits, few have delivered a comprehensive, scalable solution.



Where Are We Now?

  • We have not centralized the data – only the administration of it.
  • Data is more scattered throughout the enterprise.
  • Access control is still handled locally.
  • Compliance becomes more difficult.
  • This makes the notion of a ‘centralized access control’ model seem unattainable.
  • It also makes migrating to a ‘centralized access control’ model even harder.
  • We’re back to the ‘isolation’ phase.

Where Do We Go From Here?

The new 'AD-centric' approach is to re-focus our efforts on the consolidation of Identity data into a more 'centralized' model rather than on the traditional distributed, connector-based approach.
  1. Begin leveraging Active Directory as the center.
  2. Tools exist that ‘enable’ AD-like services for non-Windows platforms, systems and applications.
  3. Integrate Windows and non-Windows systems and applications into AD.
  4. This allows us to ‘simplify’ the provisioning problem and eliminate ‘connector explosion’.
  5. Spend more effort on centralizing access control NOT on large provisioning projects.
  6. Still provision users to things they need – via Active Directory.
  7. This allows for immediate, centralized management and control of multiple environments.
Next Step: Centralize Access Control