Let’s face it.  Individuals with malicious intent are constantly crafting new ways to penetrate your IT environment.  One of the most pervasive security threats today is the internal user with excessive privileges and access to critical data.  According to the Verizon 2010 Data Breach Investigations Report, 48% of data breaches are caused by insiders and of those incidents, 90% are the result of deliberate and malicious activity.

Small IT teams are tasked with maintaining business services (often dependent on Active Directory), enforcing secure administration practices, and rapidly responding to time-consuming user requests (Gartner, 2010).  

The breadth of requirements puts already resource-constrained IT organizations under additional pressure to make contextual decisions about the validity of users’ requests, when in reality, only asset owners have the context necessary to make that decision.  As a result, many employees, contractors and partners end up with access to more data than necessary to perform their assigned job.  It is this access that creates an increased risk that organizations cannot tolerate.

There are solutions, processes and resources that exist to help you reduce organizational risk, manage identities appropriately, maintain services and do so with allotted resources.  As the role of Active Directory evolves and becomes a central component of your infrastructure, consider the following steps to improve your security posture and your ability to facilitate productive business.  

* Implement and enforce controls.  Active Directory natively lacks the administrative controls necessary to maintain a secure environment.  As such, organizations should seek to implement a solution that provides a granular separation of administrative duties.  By granularly controlling access, you can more easily ensure that users with elevated privileged access are only granted access to data that is relevant to their job.