Monday, August 22, 2011

IT staff member wipes out company’s servers–after he was terminated!

I read this InfoWorld article this morning and figured I’d pass it on. It’s yet another story where a terminated IT staff member subsequently does something bad.
Logging in from a Smyrna, Georgia, McDonald's restaurant, a former employee of a U.S. pharmaceutical company was able to wipe out most of the company's computer infrastructure earlier this year.
Jason Cornish, 37, formerly an IT staffer at the U.S. subsidiary of Japanese drug-maker Shionogi, pleaded guilty Tuesday to computer intrusion charges in connection with the attack on Feb. 3, 2011. He wiped out 15 VMware host systems that were running email, order tracking, financial, and other services for the Florham Park, New Jersey, company.

Using vSphere, he deleted 88 company servers from the VMware host systems, one by one.
I sure hope Shionogi had an effective backup policy in place. Aside from that, I wonder how long it will take for IT to understand the importance of de-provisioning an employee and better access control around privileged account management?

A few weeks ago I overheard someone saying that identity management was passé. I don’t think so! This is a great example of how far we still have to go…

Friday, August 12, 2011

Why wouldn’t you federate to Office 365?

I don’t get it. Obviously I have blinders on. Apparently there are companies that prefer password synchronization – or nothing – between their corporate Active Directory and Office 365. Why?

Is it because setting up ADFS requires corporate IT's involvement? Is it because ADFS is perceived to be too difficult? Do they feel they are exposing their Active Directory on the internet, so there’s a security risk? I’m not getting clear answers when I try to dig into this. I’m having trouble understanding why a company wouldn’t want to enable single sign-on. Do they not understand the benefits of single sign-on from the perspective of reducing password confusion, reducing helpdesk calls, etc.?

Have any of you run into this? What’s your experience?

Monday, August 08, 2011

What is the killer app for federation?

A killer application has been used to refer to any computer program that is so necessary or desirable that it proves the core value of some larger technology...A killer app can substantially increase sales of the platform on which it runs.
I don’t know the answer to this question unfortunately but I am seeking an answer. I do believe that federation is a means to an end but it is itself not the end. In other words, the benefits of federation are not sufficient to make federation itself a killer app. Is federated single sign-on (FSSO) an important benefit of federation? Of course it is. But is FSSO enough of a benefit that companies are flocking to get federation deployed? Nope. Is federation driving people to use Google, Office 365 or Nope. Again, FSSO is a nice benefit but many companies use Google or without federation enabled.

Why did companies deploy Active Directory? Why is Active Directory deployed at nearly 100% of companies? Well, it’s not because Active Directory makes managing your users easier or because it provides single sign-on. Sure, those are awesome benefits for the company but those benefits generally accrue to the IT staff – not the business, not the company. What drove the uptake of Active Directory was a simple killer app called e-mail: Microsoft Exchange. The business benefit for an enterprise e-mail system drove companies to Exchange and Exchange requires Active Directory. Exchange was the killer app that drove deployment of Active Directory.

So the IQ test question becomes: Active Directory is to Exchange as Federation is to X?

What is X?