Consider the security risk if you moved into a new apartment and the landlord didn’t bother getting the keys back from the previous tenants. One night while you are away the previous tenant slips back into your place and takes your valuables. Upon confronting the landlord, you find that getting the keys or switching the locks wasn’t a priority for him. For a company this is what it’s like with each employee promotion, division switch, project completion, or termination. With each delay in updating Active Directory, the system administrator is essentially leaving the door unlocked and putting a company’s assets at risk.
According to a study conducted by Osterman Research and sponsored by Imanami, 42 percent of organizations report unauthorized access of information through Active Directory.
How serious is this? Imagine a company with 3,000 employees with a turnover rate of 10 percent. Until system administrators delete Active Directory access and disable access to their credentials, 300 former employees have access to email and other network resources specific to their former job function. This doesn’t even take into account the amount of internal turnover of jobs. In fact, 44 percent of the respondents have received an email sent to a distribution list that used to be relevant to their job but is no longer.
Group management for Active Directory is time consuming and takes on average 5.8 hours per 1,000 users a week to manage. This is a mundane task which 81 percent of respondents manage manually, and only 7 percent use a solution to automate the process.
The problem is that although system administrators understand groups need to be managed, it is not a top priority and in fact falls to the bottom. 27 percent of respondents found managing Active Directory to be more boring than managing email servers, 21 percent found it more boring than filling out expense reports, and 19 percent found it more boring than taking out the garbage.