Computerworld - Just when I thought we had solved one set of IT security problems by getting the human resources department to properly train new hires, another has cropped up with my team and a new single sign-on system it has deployed. The system was designed without input from the IT security team and at least one other department that will be affected. Now we're dealing with the issues after the fact.
The single sign-on project addresses a significant problem. There are several ways for employees to log into different parts of our IT infrastructure, and each requires entering a separate set of credentials.
The single sign-on system will make life easier for users, giving them access to a broad set of applications and services with just one user ID and password.
The IT group has been talking about this for some time, but several obstacles have kept the project sidelined until now. The biggest was the fact that we bought Novell Inc.'s eDirectory directory services and iChain identity management software to handle the authentication of our PeopleSoft system.
But we also deployed Windows 2000, which uses Active Directory for authentication, and our Exchange server uses yet another directory structure.
Unfortunately, these infrastructures were designed separately, with no common vision, so there's a lot of duplication. To make matters worse, none of these directories were mirrored in anticipation of a catastrophe. Sure, we backed up the data, but we didn't have another system on standby to take over the authentication process in the event of a hardware failure.
This week, the IT group and I finally began migrating users to a single authentication system based on eDirectory that's fully mirrored, clustered and load-balanced.
We mirror the data to another data center, so in the event of a fire, malicious damage or other event, the alternate data center will automatically begin accepting authentication requests.
The No-Name Log-in
This new system makes logging in very convenient, except for one problem. Instead of logging in with our traditional usernames (we used a naming convention that closely matches each employee's actual name), we're using employee ID numbers.
Personally, I didn't even recall that I had an employee ID, much less remember the number itself. Until now, our IDs had been used only by the HR and finance departments for personnel tracking, so I was surprised when I received an e-mail stating that I must start using mine. Like other employees, I was given a week's advance notice and informed that I would also have to change
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
