This clearly indicates that the consequences of major security breaches have not been
lost on many decision makers in the context of how they manage AD groups. We would
anticipate that continued data breaches, coupled with additional regulations aimed at
victim notification, will drive more organizations to adopt stricter controls for data
access, one of which will be in the way that AD groups are managed.
THE RISK OF OUT-OF-DATE AD GROUPS
The survey found that 31% of organizations consider out-of-date AD groups to be risky
or very risky, while another 39% consider them to be somewhat risky. Only 31%
consider out-of-date AD groups to pose little or no risk to their organizations.
CONCLUSIONS
There are a number of conclusions that we can draw from the research:
User provisioning is an important pain point for many organizations, so much so that
more than two in five organizations updated these capabilities during a fairly serious
recession.
Managing AD groups is a time-consuming and expensive task for the typical
organization. For example, an organization of 2,500 users will consume more than one-half of a full-time equivalent (FTE) IT staff member’s time. This is a significant use of IT staff time for a task that is important, but offers relatively little competitive
advantage to an organization. If it can be demonstrated that a technology was
available to reduce the amount of time devoted to managing AD groups, this would
likely resonate with a large proportion of mid-sized and large organizations.
Updating groups in AD is a sufficiently painful experience that many organizations
are willing to make investments to alleviate this pain. This will be more important
over time as organizations use AD groups to manage their growing SharePoint
deployments.
Also in the context of increasing use of SharePoint is the importance that will be
placed on keeping AD groups up-to-date. As a growing proportion of corporate
content migrates to SharePoint, and as the consequences for data breaches become
more severe, managing AD groups more effectively and in at least a near real-time
manner will become more important. This will be particularly true in heavily
regulated industries like energy, financial services and healthcare.
© 2010 Osterman Research, Inc. All rights reserved.
No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission
of Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without
prior written authorization of Osterman Research, Inc.
Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this
document or any software product or other offering referenced herein serve as a substitute for the reader’s compliance
with any laws (including but not limited to any act, statue, regulation, rule, directive, administrative order, executive
order, etc. (collectively, “Laws”)) referenced in this document. If necessary, the reader should consult with competent
legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no representation or warranty
regarding the completeness or accuracy of the information contained in this document.
THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED
REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE
DETERMINED TO BE ILLEGAL.
|
