Many of our clients are professional services organizations; law firms, marketing agencies, consultants and the like.
One of the things that they have in common is that they often have a need to create a place where people both in and outside of their organization can come to share resources for a period of time. It is the very definition of collaboration.
There are lots of tools on the market these days that allow you to do that in a “social media” type model, but what if you don’t have the time to identify, test, install, customize and maintain another application? And who exactly is going to pay for it?
Why not just create a security group? With good old Active Directory you can create a security group that can grant users access to the resources that they need to collaborate on a project. And now you can make that group “smart”. You can allow your users “self service” to invite others to join or leave without IT needing to be involved.
And, you can automatically expire that group. The expiration part is hugely important for two reasons.
First, it plugs a potential security threat. By expiring the group you turn off access to the network’s resources automatically. When Osterman Research, an independent surveyor asked system administrators about the security of their security groups a whopping 42% reported that users in their organization had accessed information in AD that they should not have had access to.
Secondly, it helps to eliminate what we call “group glut”. Groups that are no longer useful to the business are not visible in the GAL or occupying space. In the same survey mentioned above, respondents reported that almost 15% of groups in AD were no longer being used.
Expiring the group also expires the additional security tokens, mitigating “token bloat” which has been mentioned here before.
Finally, creating a security group for access to resources provides an auditable trail. It’s easy enough to run a report which shows who has access to what resources.
So, by using Imanami’s GroupID Self Service to expand the capabilities of Active Directory you can offer your project teams a secure place to collaborate which goes away when it is no longer needed!
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.