Managing user accounts and rights and other AD objects are at the very core of all good cyber hygiene. But how do we ensure full overview, detect suspicious activity and ensure the 'right amount' of rights for user accounts in an effective manner?
Managing user accounts and rights and other AD objects can be a comprehensive task for administrators and helpdesk technicians. It can be both challenging and time-consuming to get the full overview and to easily be able to report and document access rights and activity when requested. Failure to manage user accounts and rights can in some scenarios even compromise the cybersecurity of the organisation. Some of the challenges regarding AD management might be:
- Membership of Privileged Security Groups is not reported and membership is not approved regularly by managers. Accounts that does not require membership any more or accounts that is not in use anymore has elevated privileges that can be used in Cyber attacks.
Restricted access to manage AD is not in place. All accounts with access to manage Ad has full rights. This increases the risk of accidental actions in AD. Any technician will have their own admin account which increases the risk of a data breach.
- Use of generic templates for creating and granting rights to new user accounts can often lead to mistakes. Thus, some users will not have the needed rights and other users will have access to information or systems outside of their portfolio. This can lead to incompliancy with both GDPR and defined security guidelines within the organisation.
- Lack of overview and easy-to-extract reports on user accounts makes it difficult to detect suspicious activity, manage the life cycle of accounts and evaluate the current state of overall security in the AD. This can, among other things, lead to insufficient dismantle of old users and devices, compromising the cybersecurity of the organisation.
- Routine tasks, which can be easily automated, are both time-consuming, resource heavy and take up time from other important core tasks.
Functions & Requirements
- Secure delegation of access to AD, so a technician can be restricted to only relevant jobs in Ad like reset password, enable user etc.
- Manage user creation with both O365, Teams, Skype, Terminal Service, Exchange account from a single template.
- Easy onboarding with intelligent prefilled templates that automatically adds group memberships, Ou’s email accounts and other settings.
- Intelligent automation of routine-based and complex tasks like automatic offboarding with automation policies.
- Automatic user creation from HR systems.
- Scheduled reporting on any type of Ad objects for review or approval.
- In sum, AD makes it more secure and easy to create, manage and delete AD objects in bulk and individually from templates. Actions in bulk directly from reports.
Read more here.