Expired Groups

The End of Groups: The Case for Group Expiration

Many directories contain groups so old that even you don’t know why they exist, who uses them, and what they provide access to. It’s a more common problem than you’d think.  “We should be deleting groups then, right?” might be your initial response.  And while the answer is “yes” in the short run, the reality is…

Group Lifecycle Management

AD Group Lifecycle Management – Group Attestation

Because of the lack of attention groups get throughout their lifetime, one of the greatest security risks an organization faces is when a group lives too long. Think about it – you have groups that exist today that, despite having a clear understanding of the logic behind its membership, you have zero idea why it’s…

AD Group Lifecycle

Putting Life into Active Directory Group Lifecycle Management

We’ve spent a lot of time and effort on this blog working to educate you on best practices around specific aspects of AD group management, such as roles for delegation, the use of dynamic memberships, defining Active Directory health, and more. All of these blogs are part of a larger view of groups – one…

ROI of Proper AD Management

The ROI of Proper AD Group Management

I recently wrote about the cost of managing Active Directory groups, where a look was taken at how calculating what it truly costs your organization to manage groups within AD. For organizations large and small, the costs (relatively speaking) are material.  And those material costs only revolve around IT reacting to the requested changes made…

Smarter Not Harder

Smarter Not Harder: Better Ways to Manage Groups

In keeping with our mantra of Better Groups, Better Security, we look for great ways you can improve your security through better group management. While the amount of work needed to add a single user to a group takes the smallest of efforts, it’s when you make a conscious effort to improve the security of…

Resetting Passwords using Linked Accounts

Passwords are one of the most insecure security measures today. The same passwords are listed as the most used year after year (which is simply a repercussion of too many systems/passwords), and when they’re forgotten, password resets via the helpdesk have zero validation around who’s actually calling. To simplify the process of password resets, self-service…

The Value of Granular Password Management

In a recent article, we discussed how Password Self-Service (PSS) needs to be managed with a degree of granularity. The basis for this argument is that users with varying levels of elevated privileges should be protected with additional layers of complexity and scrutiny. This allows an organization to ensure appropriate levels security are enforced based…

External Authentication

The Password is (Almost) Dead: Protecting Identity with External Authenticators

In a world where organizations need to implement layers of security to protect themselves from the dangers of external attacks, it becomes more and more important to know someone is who they say they are – often on an on-going basis.  Compromised credentials via successful malware attacks make even the most trusted of users a…