Scaling Identity the Wrong Way
Why a Single Active Directory Domain Anchored in Taipei Becomes a Global Operational, Cybersecurity, and Capital Risk
Abstract
This paper develops the framework for identity architecture in the modern AI infrastructure operating environment, with focus on the failure modes the industry has begun to encounter as identity systems scale across multi-megawatt, multi-tenant, and multi-jurisdiction operating envelopes. The paper treats identity as a four-layer object: the directory layer that holds the principal records, the authentication layer that handles credential exchange, the authorization layer that controls access decisions, and the audit layer that satisfies regulatory, compliance, and operational-forensic requirements. Each layer carries its own engineering substance, its own scaling discipline, and its own failure-mode signature when the discipline is not maintained.
The analysis develops the specific failure modes the industry has converged on through misapplication of identity architecture at AI-infrastructure scale: directory consolidation that exceeds the regulatory envelope, authentication centralization that exceeds the resilience envelope, authorization simplification that exceeds the auditable-control envelope, and audit fragmentation that exceeds the regulatory-evidence envelope. Each failure mode is described in its operational signature, its capital implication, its regulatory exposure, and the remediation pattern that production-grade operators have adopted.
The framework is intended for the chief information security officer, the chief information officer, the operating engineering team responsible for identity infrastructure, and the audit and compliance functions whose evidence flows through the identity layer. The analysis draws on industry standards from NIST identity-framework practice, the FedRAMP and CMMC compliance envelopes, the ISO 27001 audit framework, and the body of practitioner experience the author has accumulated across hyperscale and enterprise environments.
Recommendations identify the architecture pattern, the operating discipline, the audit posture, and the lifecycle treatment required to make identity at AI-infrastructure scale operationally bounded. The paper is offered as a counter to the consolidation-and-simplification narrative that has dominated industry discourse on identity scaling and that has produced the failure modes the paper documents.
This paper grounds its argument in a specific architectural pattern: the single Active Directory domain anchored in a single geographic region, typically Taipei or another Asia-Pacific hub, with all writable domain controllers concentrated in that region and read-only domain controllers absent from the United States, EMEA, manufacturing, and operational technology sites that depend on the directory. The pattern is examined as the limit case of identity centralization.
Geographic and temporal scope. The analysis is global, with detailed regional treatment of the United States and EMEA operational impacts. The temporal scope is the 2024 through 2030 operating envelope, with retrospective grounding in 2018 through 2024 deployment patterns and forward projection into the 2030 through 2035 AI-factory build cadence. The analytical posture is the practitioner-grounded engineering argument: every claim is supported by either a cited primary source, a quantitative model whose assumptions are stated explicitly, or the author’s expert analysis informed by direct operating experience.
Executive Summary
Identity is the substrate of every authorization decision in the modern AI-infrastructure operating environment. When identity scales correctly the substrate is invisible, the audit posture is straightforward, and the regulatory envelope holds across jurisdictions. When identity scales incorrectly the substrate becomes the operational bottleneck, the audit posture collapses, and the regulatory envelope opens to multiple simultaneous exposures.
Finding one. The industry has scaled identity the wrong way at multiple major operators over the past three years. The dominant failure pattern is directory consolidation that exceeded the regulatory envelope of one or more jurisdictions in which the operator operates, producing audit-evidence collapse and remediation cost that exceeded the consolidation savings.
Finding two. The second-most-common failure pattern is authentication centralization without a corresponding resilience architecture, producing operational outages when the centralized authentication path fails and producing audit-evidence loss when the centralized authentication path is compromised.
Finding three. The third-most-common failure pattern is authorization simplification that aggregated principal-level controls into role-level controls without preserving the principal-level audit trail, producing audit-evidence gaps that the regulatory envelope cannot tolerate.
Recommendation one. Architect identity at the four-layer object level rather than at the directory-product level. The architecture envelope specifies the directory boundary, the authentication-resilience requirement, the authorization-evidence requirement, and the audit-fragmentation tolerance.
Recommendation two. Maintain identity discipline through the lifecycle. The discipline includes regular audit-evidence verification, regular resilience-pattern exercise, and regular authorization-control review. The discipline is operating-model machinery, not a one-time architectural decision.
The paper is offered to chief information security officers, chief information officers, audit and compliance functions, and the operating engineering teams whose decisions over the next two capital cycles will determine whether the operator’s identity substrate scales correctly or repeats the failure patterns the paper documents.
Finding four. The latency physics of cross-Pacific authentication imposes a measurable daily productivity tax on every workstation outside the centralized domain controller’s region. The tax falls in the range of four to eleven minutes per user per day across logon, Group Policy refresh, Kerberos ticket renewal, and identity-dependent application authentication paths.
Finding five. The single-domain pattern concentrates regulatory exposure across multiple incompatible regulatory regimes simultaneously: the GDPR cross-border identity transfer rules, the NIS2 essential-services posture requirements, the CMMC controlled-unclassified-information protection envelope, the HIPAA Security Rule for electronic protected health information, and the Sarbanes-Oxley audit-evidence requirements all converge on identity infrastructure that the centralized architecture cannot satisfy without significant remediation.
Finding six. The six named cascade scenarios examined in this paper each individually justify the migration to a distributed identity plane on cost, risk, and operational-resilience grounds. Cumulatively, they make the migration unavoidable; the only remaining variable is whether the migration is executed under planned capital discipline or under the duress of a realized cascade event.
Recommendation three. Adopt the distributed reference architecture described in Chapter 25 and Appendix B. The architecture deploys writable domain controllers in two or three geographic regions with read-only domain controllers at every operational site, places privileged access workstations in a tiered administrative containment model, and implements identity telemetry and observability per the KPI and telemetry framework.
Recommendation four. Execute the migration on the phased schedule described in Chapter 27, sequencing capital and operating investment over an eighteen-to-thirty-month window aligned with the operator’s existing capital cycle. The migration is achievable without operational disruption when executed on the recommended phasing.
Scenario and forecast. Under the recommended distributed architecture and migration phasing, the operator’s authentication latency, help-desk volume, audit remediation cost, and cascade-exposure surface all converge to industry-benchmark values within thirty months of migration commencement. Under continued operation of the centralized pattern, the operator’s exposure across each dimension continues to compound at the workload growth rate of the AI-factory deployment envelope.
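The single-region pattern set out in the scope paragraph and the distributed architecture of Recommendation three can be checked against a live forest with the following inventory script. It is an added example, not part of the white paper or any vendor tooling; it assumes the RSAT ActiveDirectory module, a domain-joined workstation with ordinary read access, and that the Kerberos port (88) is reachable from that workstation.

```powershell
# Added example (not from the white paper): inventory domain controllers per
# AD site and flag the centralization pattern the paper describes.
# Assumes the RSAT ActiveDirectory module and a domain-joined, read-capable account.
Import-Module ActiveDirectory

$dcs   = Get-ADDomainController -Filter *
$sites = Get-ADReplicationSite -Filter *

# Sites defined in the topology that host no DC at all: clients there
# authenticate against whatever DC the site-link costs point them to,
# which in the paper's limit case is a DC on the other side of the Pacific.
$sitesWithDc = $dcs.Site | Sort-Object -Unique
$noDcSites   = $sites | Where-Object { $_.Name -notin $sitesWithDc }

# Writable DC concentration: if every writable DC sits in one site, every
# write path (password changes, computer joins, GPO edits) has one region
# as its single point of failure.
$writable      = $dcs | Where-Object { -not $_.IsReadOnly }
$writableSites = $writable.Site | Sort-Object -Unique

$report = [pscustomobject]@{
    TotalDCs           = $dcs.Count
    WritableDCs        = $writable.Count
    ReadOnlyDCs        = ($dcs | Where-Object IsReadOnly).Count
    WritableDCSites    = ($writableSites -join ', ')
    SingleWritableSite = ($writableSites.Count -eq 1)
    SitesWithoutDC     = ($noDcSites.Name -join ', ')
}

# TCP connect time to port 88 on each writable DC from this workstation:
# a coarse proxy for the per-round-trip cost behind finding four.
$latency = foreach ($dc in $writable) {
    $sw     = [System.Diagnostics.Stopwatch]::StartNew()
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($dc.HostName, 88); $ok = $true }
    catch   { $ok = $false }
    finally { $client.Dispose(); $sw.Stop() }
    [pscustomobject]@{ DC = $dc.HostName; Site = $dc.Site
                       Reachable = $ok; ConnectMs = $sw.ElapsedMilliseconds }
}

$report  | Format-List
$latency | Sort-Object ConnectMs -Descending | Format-Table -AutoSize
```

A `SingleWritableSite` of `True` together with a non-empty `SitesWithoutDC` list is the exact configuration the paper treats as the limit case; repeating the connect-time measurement from a workstation in each region gives the per-round-trip figure to feed into the productivity-tax estimate.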