Management of security group memberships in midsize and larger organizations has always been a problematic issue. If individuals are not in the correct groups, they usually need to call the company's security department, explain the issue, and get approval to gain access to the security group before they can perform job related tasks. For large companies with high turnover this can result in hundreds of security requests per week. The impact to the bottom line of a company due to lost productivity and salaries for the additional help desk personnel required to handle these requests can be significant. Even if we ignore the additional cost required to manually process security requests, manually maintaining security rights can lead to an auditing nightmare. Few organizations actively monitor the membership of security groups. Even though an employee's job responsibility may change over time, access to applications and data that is no longer required is seldom removed.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
