The year 2018 is here and you probably already have your New Year’s resolutions. Eating healthier food, going to the gym, learning a new foreign language, all these things are most probably present on your list. These are personal goals and promises, but what about the professional ones?
Here’s a list of five ideas that you can add to your New Year’s resolutions list to make your AD management life better in 2018.
Applying security patches in time and updating software should be something that you really need to think about. If the WannaCry disaster, which occurred in 2017 and caused a local Armageddon with out-of-date computers, didn’t teach you anything, what will?
Last year was pretty bad for those who didn’t update in time. This year might be even worse. The Intel Meltdown is already here in the first days of the year and it’s super serious. So, pay attention the descriptions of updates, read about known vulnerabilities and make sure that you cover the holes before the holes swallow you and your environment, resulting in major losses.
A lot of IT people tend to have a problem with delegation. For a lot of us it’s easier to do something yourself instead of explaining how to do that to somebody else and check that it’s done right after that. Even though it can be easy in the short term, in the long run it’s a really bad practice. This inevitably leads to accumulation of tasks that keep you from doing other more advanced things that require your IT skills.
It’s important to learn how to delegate those tasks. The rule of thumb is that if you can delegate something, you should delegate it. Just define the permissions required for the task and assign them to the people you want to delegate the task to. In case you are still afraid to lose the control over some critical operations, you can use things like approval-based workflow.
If you’re still managing your users’ AD group membership, filling in users’ info into forms during provisioning procedures or do other routine stuff that doesn’t really require any specific technical skills, it’s time to pass them on and free yourself some time for something that really matters.
Automation is very similar to delegation. Practically, it’s delegating AD tasks to machines. Even though they can’t yet make any decisions, but they can follow the rules you define really well. So, if you have any repetitive tasks that take a significant amount of your time, it’s time to start automating them.
Automation also helps to eliminate human-factor mistakes and improve security for your environment. For example, automating user offboarding can make sure that nobody will miss a step or press a wrong button and leave some access rights or active accounts for the ex-employee, creating a lot of breathing space for potential attackers. Also, automating things like AD cleanup not only can improve your management experience by giving you’re a tidier environment to work with, but also help with security, as stale accounts are an often targeted by attackers.
Even though IT and financing department are usually very different, there’s still no need to explain the benefits of saving costs. By reducing the spending on your current workflows, you can reallocate the funds to further improve your other systems and get various new tools that are both fun to play with and useful for your organization at the same time.
For example, things like resetting forgotten passwords is a great example of such approach. Normally it involves frustrating help desk calls, which result in a lot of waiting. But if you implement a password self-service solution and allow users to unlock their accounts and reset passwords by themselves, you can significantly reduce the load on your help desk staff, reduce waiting times for the users, during which they aren’t working, etc.
Last but not least is user education. Remember that any security system is only as strong as it’s weakest link, which is most probably your users. No matter, how sophisticated and clever your security systems are, it all makes no sense if everybody writes their credentials on sticky notes on their monitors or share accounts on a regular basis. Unless you seal the basic levels, there’s no sense in building upper ones.
This is why you need to share and promote best practices, release guides and make sure that everybody does follow them. Explain the consequences that a data breach can cause for each individual user, make sure that they understand the responsibility they face. Help your users help you to keep the IT systems safe.
If you are the type of person, who needs New Year's resolutions to stimulate yourself to change your life, don't leave your professional life out of the list. After all, that's where you spend a significant amount of your time, so why not improve your everyday routines.