As Jonathan Blackwell, product manager, project manager and technology evangelist at Imanami, puts it, “One of the primary issues with efficiently maintaining the Active Directory is that the people who are responsible for the management of groups often do not have the requisite knowledge to make informed decisions and choices.” As employees change roles, departments reorganize, and project teams disband, it becomes essential to provision and manage users effectively so that the right people have access to the right information and users are not over-privileged or over-permissioned. While it is usually the IT team that is entrusted with managing access, in reality the onus is on the business owners or application owners—“the true stakeholders”—to maintain the accuracy of the directory, manage groups efficiently, and attest that the right people are in a particular group. Nonetheless, the problem is largely ignored until it snowballs into a large-scale organizational threat. “GroupID focuses on that aspect and allows users to proactively address the issue through a two-pronged approach of automation and delegation,” adds Haaverson.
With GroupID, automatically updating user information as it changes, and enabling IT to establish policy and workflow around how groups should be configured, is a breeze. Additionally, the GroupID software suite streamlines the process of keeping groups up to date and accurate, and simplifies the otherwise cumbersome task of group management. Comparing information to keys, Blackwell mentions that as employees change jobs, they get access to more keys, and while their key rings grow bigger, what often goes unnoticed is the key that they no longer require. “That’s what we do.
Attestation also plays an important role in strategically managing Active Directory groups. However, without proper enforcement of the group lifecycle, attestation becomes irrelevant, since it entails no consequences for group owners. With the help of GroupID, users can initiate an expiration/renewal lifecycle for groups, which, in turn, requires stakeholders to share responsibility for groups, maintain their accuracy, and avoid a group glut by getting rid of the ones no longer required. “Lifecycle is the key to ensuring that no group, user, or object is created in perpetuity and outlives its purpose,” asserts Blackwell.
To exemplify the benefits and value Imanami brings to the table, Haaverson recalls a client engagement in which his company worked in close collaboration with a premium Telco organization to assist them with Active Directory and identity and access management. The client had an entire help desk dedicated to dealing with Active Directory problems and making necessary changes. However, when an email storm severely hindered the productivity of the client’s business, Imanami came to their rescue. The root of the issue was an unofficial email sent out accidentally to a large group of about 100,000 people using the fax server. The problem multiplied as other members of the group responded to the same mail and replied to all, resulting in massive internal spam. While employees using modern email systems were equipped to handle the email overload, the situation was critical in remote offices operating on satellite links. Imanami stepped in, started by locking the group down, and then deployed GroupID to address the problem holistically, allowing the help desk staff to focus on more mission-critical IT tasks.
The core of Imanami’s uniqueness lies in its multi-layered approach to managing Active Directory comprehensively through automation, lifecycle enforcement for efficient attestation, and delegation. GroupID also brings the potential to control and manage both on-premises and cloud-based directories along with any of the associated applications. As businesses incline more toward cloud services and applications, be it a hybrid environment or a completely cloud-based one, GroupID is poised to align with the demand. “For instance, internally we use GroupID hosted in Azure while our customers run our platform on AWS or some other hosted environment as well as data centers,” explains Haaverson. To further strengthen the attestation process, Imanami also plans to enhance its software suite to reveal how groups are being used to perform important tasks and to give customers insight into that usage.