"Today, businesses are at risk and money is being lost due to wrongful access on the Microsoft platform," says Frank Appunn, managing director of SourceTech, a local enterprise management and security solutions provider. "The majority of components on a network have a huge access problem, for example, incorrect rights, and IT departments are finding that they have little time or money and few staff to take corrective action. In the Microsoft arena, Active Directory can help but itself can be the cause of a number of problems. Ultimately, the shortfall of many solutions on the market is their inability to address the complexity of access control and the business factors involved. To get it right, we need solutions that can marry these two points together."
Examples of the South African administration nightmare
Appun continues, "A typical South African manufacturing company found 50% of its 2000 accesses to be incorrect and/or obsolete. What is even more disturbing is that nobody was aware of the problem. A local merchant bank discovered that it had 5000 additional machine definitions that could apply access rights and again, no one was aware of the problem. What matters is the mess that such access rights can cause.
"Most importantly, and less obvious are the rights to access programs, files and shares that are not needed. It is an acknowledged fact that nobody ever calls up the help desk and says that they do not want access any more. As a result, almost every access that is granted remains valid after the user no longer needs it, or even after the user has left the department or the company. Of course, while the malicious use of information is a problem, an even bigger one exists due simply to mistakes."
"The cheap route of just living with the problem or implementing ad hoc exercises does not pay. Says Appun, "There is an unquestionable method of success that moves away from all of this detail to a situation of rules and roles such as has already been proven on mainframe systems using resource access control facility (RACF). Active Directory goes part of the way towards solving the problem but brings with it its own overheads such as companies failing to keep the directory updated and thinking they can achieve adequate administration at a cost of R25 per user per year. In addition, the complexity of the resultant rights and policies becomes unmanageable by humans on systems with more than 300 users.
"NetIQ Administration Suite addresses these items from the overhead cost of operations and administration to provide an ROI within 12 months of implementation while at the same time resolves the mess and provides audit functions which answer questions such as: 'Who changed what, when and from where?' The various products within the suite cover a broad spectrum of admin needs from Microsoft Exchange; file and storage; and directory and resources to configuration assessment, directory security and group policy. A good example of its effectiveness is the contrast between what a local bank estimated it required to administer its systems, namely five admin staff per 1000 users compared to a deployed solution which only required three administrators per 90 000 users while at the same time providing better security and access controls. That is an effective saving of 447 administrators alone."
Adds Appunn, "It is accurate to say that by and large, South African companies are still at a loss when it comes to trying to plug the holes in their enterprise IT systems and trying to ensure that those holes remain plugged. However, a number of major organisations are recognising the need for effective tools that automate much of the work while implementing current international best practices. It is not too late to take a good look at our systems and admit that there is a problem."
Frank Appun, SourceTech