Monday, July 09, 2007

Simplifying/Consolidating versus Managing

I brought up the concept of simplification versus managing your identity problems in my white papers "Tenets of Identity Management". Aberdeen has published a white paper titled "Dealing with Directories: Fewer Fuels Faster and More Efficient Operations" that you should take a look at. The salient, highlight worthy points...

  • Best in Class companies have a factor of 1.9X fewer total directories (16) than the Industry Average (31)
  • Best in Class companies are 2.4X more likely to have consolidated to a single directory (19%) than the Industry Average (8%)
  • Best in Class companies are 1.9X more likely than the Industry Average to synchronize directories completely … or through consolidation, not at

Here's the statistic that I like the most:

  • Best in Class companies reported an average of 16 separate directories, compared to 31 for the Industry Average

That's a 50% reduction in the number of directories between the average and best in class companies. Can you imagine how much easier the identity management problem is at the company with 50% less directories to manage?

For those companies who choose to consolidate around a single directory, consolidation around Active Directory (AD) is consistent with the dominance of Windows in server operating systems. In the 2007 Aberdeen Report (May 2007), approximately 90% of all companies reported that Microsoft was the leading server operating system. At the same time, Linux and leading flavors of Unix from IBM, HP and Sun also have a significant footprint. Even in an AD-centric environment, the material presence of Unix and Linux in companies of all sizes requires companies to develop explicit strategies for integration of non-Windows systems as well.

Their conclusion - which I, of course, agree with...

Companies that effectively address these issues and streamline management of their identity directories position themselves to reap the operational and security benefits of more effective user provisioning and de-provisioning.

Interesting sidenote - This paper was authored by Derek Brink. I knew Derek when he was at RSA and we were both involved in the PKI Forum. It's great to see him over at Aberdeen. He's a wealth of knowledge.

Technorati Tags:
, ,

No comments: