Microsoft automates cloud access management for engineers

Powered by SC Magazine
 

Office 365 support 'democratised'.

View larger image View larger image View larger image

See all pictures here »

Microsoft has deployed a new rights management system to improve the way the company handles access to the on-call engineers dealing with cloud outages.

Lockbox began development in 2010 to automate rights management for engineering, allowing them temporary access to higher-tier privileges to fix outages more quickly without exposure to customer data.

It was the brainchild of Raj Rajagopalan and a couple of developers, a then greenhorn Office 365 engineer who, like many others starting out, was lobbed with the on-call graveyard shift for the cloud software as a service during his first week in early 2010.

The idea was born sometime after his alarm blared around 3am. A customers’ Office 365 installation had a bug and Rajagopalan needed to reboot the systems.

But he lacked the authorisation for the disruptive fix, so he phoned on-call operations asking for a reboot.

They too lacked the privileges to do so without the approval of the incident manager.

Operations were eventually granted the right to reboot the systems, and services were quickly restored.

But the sluggish incident response process meant the performance benchmark by which incidents are measured — mean time to recovery (MTTR) — had blown out.

Project Lockbox, built by Rajagopalan and core developers Andrey Lukyanov and Shane Brady over weekends in Microsoft’s Garage prototype lab, slashed the measurement within Microsoft’s Office team.

It was showcased in September last year as a prototype at one of the lab’s eight annual science fairs, winning approval for development and staff resources.

Lockbox went live internally across Microsoft’s Office engineering team in January this year.

“MTTR of issues is much faster now because we empower the engineers with Lockbox based recovery actions without elevating their permissions,” Rajagopalan said.

Department staff were stripped of access rights and given base-level access, with temporary elevated privileges afforded on-demand through Lockbox.

Requests for elevated access deemed to be abnormal by the automated systems are flagged by Lockbox and sent to a manager for manual approval.

“It could be said we democratised the permissions model,” Rajagopalan said.

Minimum privileges mean engineers can only have exposure to customer data when they request access through Lockbox, which is logged.

A mobile phone app was also built for speedy Lockbox approvals.

Prototyping the future

Many more projects have born and died in Microsoft’s Garage, but its manager Quinn Hawkins doesn’t shed any tears.

“Ideas are a dime a dozen. It’s the execution that’s hard,” he said.

Engineers use the Garage in and out of work hours and pitch their projects to department heads on science fair days.

Good projects, Hawkins said, came from prototypes and not brain-storming maps or voting polls.

“You get whims, not innovation; for instance you could have a great idea for the Windows kernel, but only a few people get what that is, so it doesn’t get the votes. Idea sites are where ideas go to die.”

About 50 tools are produced in the Garage every month, collectively used by approximately 40,000 Microsoft employees.

Copyright © SC Magazine, Australia


 
 
 
Top Stories
Westpac interim CIO resigns
Group CIO yet to be appointed.
 
Earning the right to innovate
Breaking down the barriers to innovation is a long, but rewarding process, says Bank of Queensland Group CIO, Julie Bale.
 
A call for timely reporting
[Blog post] Businesses need incentives to keep customer data secure.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Have customers that won't pay debts?
Jul 10, 2014
The ACCC and ASIC have updated their advice when it comes to collecting debts.
Carpet cleaner faces court over online testimonials
Jul 4, 2014
The ACCC has initiated proceedings against A Whistle (1979) Pty Ltd, the franchisor of Electrodry...
You can now get 15GB of free online storage using Microsoft OneDrive
Jun 25, 2014
Cloud storage has reached both the capacity and price where it's a viable alternative to local ...
Another clever trick you can perform with Xero
Jun 25, 2014
Here is another way to reach out to particular subsets of your customers using Xero.
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  26%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  5%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 902

Vote