Here’s a question: What do you do when an employee leaves? Free up his desk, change his password, ask him for his parking pass back?
What about his email account, authorizations for groups, online Active Directory account entry, and so forth? In a small company, there might only be a few things to turn off and close down when someone leaves, but in a bigger company, it can grow exponentially.
For example, while looking at a case study from a company that offers Active Directory management products, they detailed their experience with New York Health. In a company that big, there were several issues.
For example, what about accounts no longer being used (employees no longer there, for example), which created a potential security issue – after all, if someone else used that account…
Another aspect is what else the previous employee used. In this case, they also had a Groupwise account, which could then be closed, saving them money. Of course, if no one remembered, it cost money – which was the purpose of this other company’s tool (called DSRAZOR), to enforce audits to catch problems, like accounts with no login for 90 days. It even scanned hard drive spaces for cluttering files like MP3s, freeing up space to use for the directory!
Nowadays, it’s obvious that computers have grown too big to keep track of easily and solutions to automatically catch changes all across the board are vital. It was an interesting read about this product and how it saved a company money, and a real education in the costs of forgetting an account change!