Here's tenet #3 from my whitepaper "Tenets of Identity Management". Part #1 of the "Tenets of Identity Management" podcast is posted on the Quest web site.
Stop Taking Aspirin—Eliminate the Cause of the Headache
Sometimes you can’t see the forest for the trees. In organizations, this is often a problem. A company will be implementing an identity management project and, like most companies, it will have multiple LDAP-based directories that require synchronization—at least that’s what the company believes the solution to its problem is. My questions are always the same: What is the purpose of these directories? Why is there more than one? Why are they from different vendors? Once you start looking at the details, you usually discover that the company can consolidate one or more of those directories and eliminate the need to synchronize others. That’s solving the problem. It’s also making the environment simpler. Don’t get me wrong; I’m not saying you can consolidate all your directories into one, but I’m willing to bet you can eliminate a few of them. The fewer moving parts you have, the better—it simplifies your environment.
Additionally, think of the benefit across other departments in your company. If you can, consolidate around one vendor’s directory. Or, eliminate one vendor’s directory software entirely. By doing this, you eliminate the need to maintain additional licenses or track those licenses. Your operations people will thank you because they can toss the operational aspects of monitoring and backing up that directory or system. Everyone wins.
identity management, Quest Software
3 hours ago