The world is simply riddled with danger and mystery. On the one hand, it can be fun and exhilarating. Taking your first climb, starting a new job, or changing careers. All have fun and exciting levels of risk. On the other hand, it’s also something completely negative. A word associated with the potential for loss.
As an MSP, you’re faced with both sides all the time. You’re faced with the risks associated with running your business on both ends of that spectrum. As we talk about Identity and Access Management there’s a side to this that is often overlooked.
I’ll walk you through a scenario that you’re probably familiar with. You landed a new client and they use Active Directory. You performed a quick infrastructure analysis that revealed a lot of deficiencies within it. These deficiencies stemmed from a lack of cleanup, sprawling security groups, OU’s that aren’t maintained, and accounts that haven’t been properly deprovisioned or removed. The goal, or at least what was sold, is that you’re going to take care of these issues for the customer. But, it’s daunting because it’s tedious and doesn’t seem impactful.
Fast-forward 6 months… you’ve onboarded the customer and Active Directory still hasn’t been touched. It’s actually gotten worse. Why? You’ve created your own domain administrator account for remote administration. You’ve created new accounts and deprovisioned other accounts, but you’ve done nothing to correct some of the original issues that started the deficiencies.
I’m going to head back to that risk portion again. In many cases the administration of Active Directory is a risk that you take on as part of your agreement with your customer. This includes providing security permissions through group memberships, ACL’s, etc. Active Directory, while a standard deployment, was previewed 20 years ago. It’s gone through some face lifts, but the core of it’s functionality is the same. Now there are solutions that will allow you to do it better and more efficiently. You’re already providing the service to support the security permissions within the customers environment, but is it really providing them the right resources, to the right person, at the right time?