I guess I’m here looking for some perspective. I am in discussions with a long-time client (church) that has had a fully managed AD environment for 15+ years. Recently they moved about a third of the staff to Chromebooks, and migrated to G-Suite for the majority of their users.
Numbers look like this:
- 35 staff users, 20 Windows PCs/Laptops (for users, kiosks, signage), 16 Macs (users, and A/V production), 20 Chromebooks
- Ruckus wifi integrated with AD
- Windows print server to multiple Canon ir-ADV machines and other printers
As the environment has changed over the years, I have AD syncing with AzureAD and G-Suite, and AzureAD is used for SSO to authenticate the Chromebook users, and the Finance team uses O365 in addition to G-Suite. All runs great.
I have been asked to put a project together to remove AD. Not replace it with something else, but just remove it (and, presumably, AzureAD). I have explained on numerous occasions the reasons I feel this is a poor decision (i.e. security, manageability, SSO), but perhaps I have not expressed these issues clearly enough, as they still don’t see why they shouldn’t run a “home-style” network where everyone looks after their own machines.
The thinking seems to be that since “everything is in Google” (which it’s not) there is no longer any requirement for management, since “Google will be liable if there’s a data breach or damage from viruses etc.” They want everyone to have more autonomy and control over their own machines. My head just about explodes every time I think about it, but I can’t seem to get them to understand why this is a bad idea. Just gives me an extended headache.
What it comes down to is that they would like to save money on paying an expert (me) to manage the environment proactively, and just come in to fight fires when they happen. I’ve been doing this 20 years, and I’ve never had a client purposely want to move from a functioning, secure environment to a “home-style/open” (their words) network.
I don’t want to argue with them to maintain my little technology fiefdom and protect my revenue… certainly I can do what they want, but ethically I don’t believe it’s the right thing to do. Am I just too set in my ways as an IT professional, or does this seem a bad idea to anyone else? How would you respond if your church/organization/client decided to head in this direction?