If you’re ever looking for a way to frustrate your users, making it difficult to log on is a great way to start. Unfortunately, the pressure to adopt a wide variety of cloud-based services is forcing many companies in exactly that direction.
We saw some of the benefits of a hybrid cloud in “Keeping Your Options Open with a Hybrid Cloud.” Flexible sourcing of IT allows organizations to optimize each service for cost, functionality and usability, so it is a great opportunity. However, left unchecked, this approach has the potential to lead to an authentication nightmare. Duplicate credentials to remember, re-authentication with each service… what a way to alienate the business.
Of course, that’s not the only downside. Poor identity management also makes the systems less secure. Users find their own ways to cope: for example, re-using passwords across many systems, choosing weak credentials, or writing passwords down in an accessible location.
These are some of the problems organizations face when they gradually add applications and services without a clear plan. Stated bluntly, it is a recipe for disaster, in the form of either a user mutiny or an invitation to corporate espionage.
A much more attractive option is to make people-centric IT a priority as you redesign your datacenter. You will need a central identity store if you want to manage your users across multiple datacenters and cloud providers. The store itself may be on-premises (e.g. Windows Server Active Directory) or it could be hosted in the cloud (e.g. Windows Azure Active Directory).
The key is to make sure that the identity store is able to apply policy and control while authenticating users to other cloud services. In simple cases, a federated identity look-up using industry-standard interfaces will be sufficient. But in other cases — when there is a need to integrate with a wide variety of legacy applications and personnel management processes — it may be worthwhile to implement a full-fledged identity management tool (e.g. Forefront Identity Manager) for identity synchronization and provisioning.
People are at the core of every business. An effective IT architecture will reflect this truism. That means it should come as no surprise that user identity needs to be at the core of any transformed datacenter.
A comprehensive identity management system is a great way to maintain consistency and enforce policy. For the end user, single sign-on removes the need to supply credentials every time they access a different application. Once they sit down at their desk, they should be able to jump back and forth between tools without ever having to log in again. This is how you avoid users’ frustration and get them on board with changes that will help the organization reach its full potential.