Study: 42 Percent Of Organizations Report Unauthorized Active Directory Access
Consider the security risk if you moved into a new apartment and the landlord didn't bother getting the keys back from the previous tenants.
One night while you are away the previous tenant slips back into your place and takes your valuables. Upon confronting the landlord, you find that getting the keys or switching the locks wasn't a priority for him. For a company, this is what it's like with each employee promotion, division switch, project completion, or termination. With each delay in updating Active Directory, the system administrator is essentially leaving the door unlocked and putting a company's assets at risk.
According to a study conducted by Osterman Research and sponsored by Imanami, 42 percent of organizations report unauthorized access of information through Active Directory.
How serious is this? Imagine a company with 3,000 employees with a turnover rate of 10 percent. Until system administrators delete Active Directory access and disable access to their credentials, 300 former employees have access to e-mail and other network resources specific to their former job function. This doesn't even take into account the amount of internal turnover of jobs. In fact, 44 percent of the respondents have received an e-mail sent to a distribution list that used to be relevant to their job but is no longer.
Group management for Active Directory is time consuming and takes on average 5.8 hours per 1,000 users a week to manage. This is a mundane task which 81 percent of respondents manage manually, and only 7 percent use a solution to automate the process.
The problem is that although system administrators understand groups need to be managed, it is not a top priority and in fact falls to the bottom. 27 percent of respondents found managing Active Directory to be more boring than managing email servers, 21 percent found it more boring than filling out expense reports, and 19 percent found it more boring than taking out the garbage.
"It's no surprise that group management is time consuming and tends to be last on a systems administrator's to-do list, but it can't be neglected," said Michael Osterman, principal at Osterman Research. "A failure to manage groups properly poses a serious security threat and could lead to loss of intellectual property and other serious consequences. Companies need to shift from a manual approach and look to solutions that manage the entire lifecycle of the group."
"Group management is manually time intensive and often done behind schedule which highlights the need to have an easy and efficient process," said Robert Haaverson, CEO of Imanami. "In today's economy, IT resources are already scarce. Administrators don't have time to do mundane tasks, but managing group lifecycles is too important to delegate to someone who doesn't understand the implications of poor group management."
The Osterman Research study, entitled "The Hidden Costs and Challenges of Group Management," provides an analysis of the time and cost spent and the potential problems faced when managing groups in Active Directory.
The study was conducted in October with more than 100 organizations that are using Microsoft Exchange as a production e-mail system. The complete study can be found at www.imanami.com.