Spring Cleaning
by Deborah Volk on May 28th, 2009

Each spring an annual rite beckons me. Software engineers might call it refactoring, artists prefer the term deconstruction and tres chic museum curators use denouement. The rest of the world calls it cleaning up your mess. Cobwebs are removed, dust is annihilated, furniture is rearranged, (ab)used items are donated or discarded. This is more out of habit (as rites wont to occur), the local microclimate doesn't really require winter clothes to be put away and summer clothes to be readily available. If you go through all this trouble of taking things apart and putting them back together, you should also decide what to throw away and what to keep. (That Members Only jacket you've worn five holes in since 1980s probably should go). Moreover, if you're struggling to maintain order, you might want to come up with a new methodology of avoiding quantum-level phenomenon where you are not sure if that sweater is really in the same place where you left it yesterday.
As a rule of thumb, weird vacuum cleaner inventors excluding, most people hate cleaning, be it spring, winter, summer, fall or any other season, including Lunar phases. It is time consuming, often at odds with itself (you want to keep little Jimmy's abstract expressionism paintings on your walls but the landlord objects), and just plain messy. Nevertheless, there are a million (and a half) good reasons to do it. For example, according to the National Soap and Detergent Association, getting rid of excess clutter would eliminate 40 percent of the housework in the average home. Facts are stubborn!
If you buy into the premise that an annual cleaning rite at your own residential abode is a mandatory event, consider what kind of dust is collected by an identity administration solution.
Forget yearly, you'll be lucky to do any cleanup every 2-3 years, that reconciliation engine never sleeps! People data starts resembling episodes from the Twilight Zone (zombies and such), logs stack up into impenetrable wooden fortresses that could easily reach a terabyte (1 GB/day is not uncommon in high-volume deployments), processes change or go defunct. Even though this may seem like an operational issue, there's usually not enough time or muscle on the operational side to deal with it, it's a project like no other. As digital dust accumulates, it clogs up the database and throws off an unhealthy sheen when piling up on the filesystem.

We all know that resources aren't free and there's no such thing as infinite amount of disk and CPU, there's always a price to pay. Not only the efficiency of the overall solution goes down but total cost of ownership goes up as well. To address these problems and to join the new and glorious tradition of spontaneous, self-organizing events (aka unconferences) , cultivate a recurring clean-up fest in your organization. All festivals need a catchy name. My suggestions:

  • Annual Identity and Access Management Dustbowl
  • First Ever Magic ReconciliationCamp
  • Enterprise Datacon XII (always append a Roman numeral, make it grandiose)
  • Feathers of Orphaned Events

Tasks that should be part of your cleanup:

  • A cross-check between records in your identity management database and same records in applications under management. These records have been previously reconciled from the application so this is an independent spot check on both data quality and the reconciliation process. Pick some records from the identity management side and then go directly to the application to research them. The outcome of the comparison could be as simple as a spreadsheet. Obviously, fix the problems seen, or at least schedule to fix the problems
  • Review your logs and the log retention policy. Do you have a problem of keeping clothes you haven't worn for last 5 years? If you are a packrat at home, you might be a packrat at the office. Take a look at your logs and retention policy to ensure you have sufficient data but you're not being flooded with data. Just as you do with your personal records, define how long you need to keep each type of log to appease support/troubleshooting and audit needs. Avoid what-if-itis if possible.
  • Review your code and configuration (application, app server, web server, database) . Do you have features deployed in production you are no longer using? If your product allows it, remove the unused features, don't fall for the trap of archiving. If they are kept in production, there is a cost AND a risk associated with these features. Consider the consequence of them being accidentally activated.
  • Sync your source code repository with code in production. Make sure all source code in production is checked in and what's checked in is in production. Take the Agility Quiz to find out where you stand with your development processes.
  • Update documentation. Many deployments have great documentation during the initial rollout but fail to keep it up, thus quickly depreciating the value of documented knowledge. Updated documentation helps reduce costs when it comes to communication with other groups, bringing new people on-board and, of course, troubleshooting. Based on our experience, one of the biggest barriers to walking the walk of "this is a living document" policy is the documentation toolset. Lowering the barrier to adoption by enabling one-click collaborative editing is the key requirement. A wiki is an excellent fit for this type of documentation process.

What other tasks should be or already are part of your spring cleaning?

Posted in Identity Management, Change Management, Data Quality    Tagged with operations


Leave a Comment

2012 (1)
2011 (2)
2010 (2)
2009 (64)
March (11)
April (18)
May (18)
June (4)
July (1)
August (1)
September (5)
October (5)
December (1)