Simplify the Garden
Authentication and access control provide the key to all resources
distributed throughout the enterprise and its affiliated partners. This is the
most fundamental technology decision made in planning an enterprise
reconfiguration. Identity conflict across multiple authentication boundaries
and misconfigured authentication proxies can create complexity and
user access difficulties throughout the enterprise. The only segregation
of authorization domains should be due to specific mandate or legislated
controls. This may prove unpopular with departmental administrators
used to having full control over their own local identity management
solutions, but it is critical to avoiding conflicts, sharing resources, and
ensuring that adequate controls are maintained in all areas.
Each authentication boundary represents additional complexity for
user interaction and federated access management. In order to answer the
question of whether a rose by any other name still smells as sweet, we
must first be able to navigate the garden to find that rose. Unnecessary
walls create inefficiency and difficulty without gain. Simplify the
authentication boundaries to provide the most effective user experience in the
garden, whether gathering food, hunting, or simply stopping to smell the
flowers.
Summary
A rose by any other name may smell as sweet, yet be granted far different
access permissions in a modern extended enterprise. Planning for effective
authentication, authorization, and access control strategies is critical
to both enterprise security and utility. Overly complex or difficult solutions
tend to encourage users to find “workarounds” that may weaken
the enterprise's usefulness or its defenses. User provisioning and access
control assignment should be integrated into employee hiring and termination
procedures, contract negotiation with business partners and external
consumers, along with other elements of the business the enterprise
supports. These practices should be reviewed regularly and updated as
needed to address the ever-changing user environment. Elimination of
isolated resource silos should be a primary consideration in any enterprise
architectural planning, to simplify access controls, promote resource sharing,
and facilitate enterprise-wide auditing of resource access and use.