- Too Many Groups
Directories contain too many security groups and mail distribution lists, whose utility and membership are suspect.
- Slow Onboarding
It can take too long to create login IDs for newly hired or reassigned users.
- Unreliable Deactivation
Access deactivation can be slow, unreliable or incomplete.
- Complex Access Requests
Access requests can frustrate users: Where is the form? How to fill it in? What entitlements are required? Who will approve it?
- Obsolete Access Rights
Users retain access rights long after they are business-appropriate.
- Policy Violations
Find users whose access rights violate policy and revoke excess entitlements.
- Costly Audits
Auditing entitlements is hard: Who has what? What is the change history? Is it (still) appropriate?
- No Accountability for Changes
Who granted access, when and on whose authority? There is no accountability without change history.
- Costly Security Administration
Processes to manage users and entitlements are costly and time consuming.