Active Directory Group Management: Challenges, Cost and Uses

According to this Osterman survey, over 90% of all organizations manage Active Directory groups through manual processes. The cost of these manual processes? Over $16 per user per year. On average, for every 4000 users in your organization, you have a full-time IT resource managing Active Directory groups. Not all of Active Directory, just the AD groups.
WHY ARE AD GROUPS USED?
The most common reason that AD groups are used is to grant access to files and folders,
cited by 93% of respondents. The next most common reasons are granting permission
to systems (78%), applying Group Policy Objects (GPOs) at the group level (73%), and
sending email to distribution groups (66%). The least common reason for using AD
groups is to send email to mail-enabled security groups (43%). Further, 33% of
organizations have non-traditional uses for AD groups, such as not to email a group or
to grant/deny access within a security group. However, 56% of organizations have used
AD groups for SharePoint access, a role for groups that we anticipate will become
significantly greater with the increasing use of SharePoint over the next 12-18 months.
APPLICATIONS FOR AD GROUPS
The survey also found other reasons and applications for AD groups and GPOs:

• 58% of organizations have applied GPOs to a group of computers by creating a
  security group with computers as members of the group(s).
• 48% of organizations allow mail-enabled security groups and another 16% reported
  that they possibly do so.
• 38% of respondents have considered creating a workflow to wider audiences to
  improve response times on projects and other tasks, such as using a distribution
  group or security group for workflow approvals.
• 36% of respondents would consider using a GPO that would force a country-specific
  email signature line for each user in that group. Among large, multinational
  companies (something for which we did not screen in the survey), we anticipate that
  this proportion would be much higher.
• 32% of respondents have, at some point, created a group for text-message
  emergency notifications.
• 22% of organizations use workflow to control users joining or leaving groups
  through a self-service portal.
• 17% of organizations have used AD groups to disable email communication between
  two sides of their organization. This is extremely important for establishing and
  enforcing ethical walls in heavily regulated organizations, such as energy companies
  in which the transmission and distribution sides of the business must not
  communicate with one another.
WHAT HAS BEEN THE IMPACT OF SECURITY BREACHES?
In one out of five organizations surveyed, someone has accessed information from AD
that they were not authorized to access. Further, there have been many well-publicized,
high-level security breaches – for example, the Privacy Rights Clearinghouse offers a
database of data breaches of all types that have occurred since 2005. However, 37% of
respondents to the survey told us that these security breaches have had no impact on
the way that they use AD groups, while another 38% of respondents are concerned but
have done little in response. That said, 16% of organizations are considering changes
to the way they manage groups as a result of major data breaches and another 9% are
concerned and have actually changed the way that they use groups.