Consider the security risk if you
moved into a new apartment and the landlord didn’t bother getting the keys
back from the previous tenants. One night while you are away the previous
tenant slips back into your place and takes your valuables. Upon confronting
the landlord, you find that getting the keys or switching the locks wasn’t a
priority for him. For a company this is what it’s like with each employee
promotion, division switch, project completion, or termination. With each
delay in updating Active Directory, the system administrator is essentially
leaving the door unlocked and putting a company’s assets at risk.
According to a study conducted by Osterman Research and sponsored by
Imanami, 42 percent of organizations report unauthorized access of information
through Active Directory.
How serious is this? Imagine a company with 3,000 employees with a
turnover rate of 10 percent. Until system administrators delete Active
Directory access and disable access to their credentials, 300 former employees
have access to email and other network resources specific to their former job
function. This doesn’t even take into account the amount of internal turnover
of jobs. In fact, 44 percent of the respondents have received an email sent
to a distribution list that used to be relevant to their job but is no longer.
Group management for Active Directory is time consuming and takes on
average 5.8 hours per 1,000 users a week to manage. This is a mundane task
which 81 percent of respondents manage manually, and only 7 percent use a
solution to automate the process.
The problem is that although system administrators understand groups need
to be managed, it is not a top priority and in fact falls to the bottom. 27
percent of respondents found managing Active Directory to be more boring than
managing email servers, 21 percent found it more boring than filling out
expense reports, and 19 percent found it more boring than taking out the
garbage.
“It’s no surprise that group management is time consuming and tends to be
last on a systems administrator’s to-do list, but it can’t be neglected,” said
Michael Osterman, Principal, Osterman Research. “A failure to manage groups
properly poses a serious security threat and could lead to loss of
intellectual property and other serious consequences. Companies need to shift
from a manual approach and look to solutions that manage the entire lifecycle
of the group.”
“Group management is manually time intensive and often done behind
schedule which highlights the need to have an easy and efficient process,”
said Robert Haaverson, CEO of Imanami. “In today’s economy, IT resources are
already scarce. Administrators don’t have time to do mundane tasks, but
managing group lifecycles is too important to delegate to someone who doesn’t
understand the implications of poor group management.”
