Mistake-Proofing Your IT Systems

By Tamara Wilhite posted 07-13-2020 10:01:18 PM


We've all seen mistakes in online content, whether due to spelling or grammar. These errors detract from the professional image the content is intended to convey. The true hazard is when these mistakes occur in IT, introducing critical errors and affecting the actual function behind the scenes in the software and IT infrastructure on which modern business runs. Here are a few tips for mistake-proofing your IT systems.


When one database references an employee as ID number 123456 and a different database identifies them as 0123456, your IT department may create two separate user accounts for the same person as a result. This wastes their time and may create confusion for the user. Disabling the wrong account as part of an account clean up will affect someone's ability to do their job. You can reduce the risk of this problem by adopting an identity management system that uses universal user identifiers to control their access, and requires all of the IDs to follow set standardized rules.


When user IDs are based on users' names, such as a combination of initials and their names, you risk creating redundant identifiers to try to maintain the same naming convention or varying the user ID format by adding extra initials or numbers to keep each user identifier unique. The better solution is assigning each new hire a unique user identifier as part of the onboarding process. Let Human Resources enter their information into automated onboarding tool and simultaneously save that information to your identity management system to create a unique user ID per pre-defined rules. Automated onboarding tools automatically take care of these issues for you. However, you must review their performance to ensure they’re doing what you think they’re doing.


Apply data masks that prevent illegal characters from being used. For example, don't allow characters like the pound sign or apostrophe in passwords since this can cause some databases not to recognize a password based on these characters. Conversely, identity management systems need to recognize apostrophes and dashes. John-Claude's name is not John Claude. While Mo'Nique's name isn't unique, if your database can't handle the extra apostrophe, searches of the HR database based on the proper spelling may not yield the proper results.


No human has perfect data entry skills. This is why spell checking and grammar checking are built into word processing applications. Problems can arise when spell checking is applied to identity management, trying to correct a properly spelled name to an improper but more common spelling. Furthermore, humans may accidentally type the name incorrectly. While training HR personnel doing the data entry to double check the spelling of the names and other information they input is one solution, you cannot prevent all of these errors. The solution in this case is to adopt an ID management tool that makes it possible to correct incorrectly user information when errors are discovered.


When you use an identity management tool that manages someone's identity across the board, there is no need to correct five or ten user accounts across as many applications because the name was misspelled in the original onboarding request and replicated in each subsequent set-up.


Using a single identity management system can avoid problems caused by copying and pasting to save time creating many different user accounts. For example, copying a user's name or unique identifier can add extra spaces or characters. A data field that states "name's Joan" can become "name&s Joan" or "name's Joan" after being pasted into a new field. Then the user login fails when they log in with the user identifier given because it doesn't match the characters the database is matching the user ID against.


Take care before you use corrective scripts to change user identifiers or names en masse. And corrections to special characters or spaces may alter the user ID or name into something incorrect.


Wherever possible, automate the onboarding process and user setup. At a minimum, use checklists filled in via check boxes to identify the roles and groups someone should have on the list. A better choice is to automatically populate lists of user group and role assignments based on job category or department as part of the onboarding process before forwarding that information per a standard message or ticket to IT to set up the new user. Then no one will make a mistake in missing a critical group membership in sending a ticket to IT to set up the user or select an incorrect role on a drop down list when selecting the roles that the person needs.


Review user accounts prior to deactivation for security reasons or offboarding processes. Look for the duplicate accounts such as incorrectly set up accounts that were replaced by a correctly set up one and deactivate both. Check for administrative accounts to deactivate as well as standard user accounts. Detailed work like this prevents a build-up of “lost” accounts that are harder to clean up later. This hassle can be prevented by using a standardized user set up process via an automated onboarding tool, tracking every change to the user account in a database that tells you everything they have.


You may be able to use the same tools and reversed steps to deactivate users. Ensure that your user deactivation process turns off accounts and removes permissions for everything that people were set up for. It isn’t uncommon for this type of documentation to be neglected though user set-ups are continually reviewed.