Clean data is happy data
Virtualizing directories can help administrators use multiple sources of identity data more effectively, but the virtual directory is only as good as the directories it relies on. And often, that is not very good.
'In most cases, the data is as dirty as a pig pen,' said Dieter Schuller, vice president of business development at Radiant Logic, which makes the RadiantOne Virtual Directory.
In addition to being accurate, identity data must be presented to the virtualizing engine in a way that lets it understand, for example, the relationship between Richard Smith and Dick Smith.
'The application is not difficult,' said Bill Claycomb, who uses RadiantOne as head of user account provisioning at Sandia National Laboratories. 'The tricky part is understanding how the data relate to each other.' The virtual directory can be made to look like any directory the user is familiar with, making it easy to use. 'But it was challenging to put the data together in the right way and to be sure that we were showing the data we wanted to show,' he said.
As with many other technologies, the virtual directory does not eliminate the need for work.
'There is no magic here,' Schuller said. Cleaning up the roles and identities in multiple data sources requires defining business rules to identify multiple presences in directories and establish correct links between multiple directories. And keeping the directories clean and up-to-date is not a one-time job but an ongoing process.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.