Many organizations are still getting by without a directory service \u2013 but it\u2019s probably leaving their IT staff unnecessarily frazzled. The hidden cost of going without a true directory can be measured in the time spent managing their 50+ web-based applications by hand1<\/sup><\/a>, laboriously tracking 191 passwords per person2<\/sup><\/a>, and spending 1,800 hours3<\/sup><\/a> and $61,2004<\/sup> per year on manually updating just 50 systems. This cost does not solely impact the IT department either. The whole organization is affected by the inefficiencies and lower security that is a byproduct of not implementing a directory service. So what exactly is a directory service, and what does it have to do with security and productivity?<\/p>\n\n\n\n A directory service is a database that stores information about users and IT resources. Then, with this information, it maps out the relationship between users and IT resources and designates access between the two. An effective directory service will provide one central location where all of this information is stored and mapped, providing users and IT administrators access to computers, printers, servers, applications, files, and other resources on the network.<\/p>\n\n\n\n A directory service will provide a secure way to authorize users to access company resources \u2013 and to revoke a user\u2019s access if necessary. Since a directory serves as the authoritative source of identity truth at an organization, it is also called a core identity provider or referred to as identity management.<\/p>\n\n\n\n With centralized management, IT admins can more efficiently and securely manage the environment. When working properly, end users do not even know that directory services exist. They just know that they\u2019re gaining seamless access to the IT resources they need to do their job.<\/p>\n\n\n\n The better the directory, the more productivity and security the company enjoys. Conversely, the absence of an identity provider creates inefficiencies and security risks that can end up costing millions.<\/p>\n\n\n\n The absence of an identity provider impacts an IT admin\u2019s ability to streamline management of user information, user access, and the IT resources themselves. As a result, IT admins are left to manage these components manually, costing an organization a considerable amount of money and time.<\/p>\n\n\n\n IT admins are responsible for managing the IT resources themselves, and as mentioned in the introduction, the typical organization uses more than just the 50+ web-based applications. On top of those applications, there is typically as many systems as there are users, a forest of server infrastructure, and several file servers and printers. With each of these resources, IT admins have to do the following:<\/p>\n\n\n\n While a directory service cannot automate all of these responsibilities, it can make them more efficient through group-based management of users and resources. This concept was pioneered by Microsoft with their GPOs (Group Policy Objects) for Windows machines, and now the ability for admins to automate tasks or enforce settings across a group of systems (regardless of platform) or users has become an expected capability of a full-fledged directory solution.<\/p>\n\n\n\n If there is no directory service, then IT admins do not have access to this type of capability, and they end up completing many tasks manually \u2014 one resource, one user at a time. Take systems, for example. A regular part of managing a group of systems includes enforcing security policies. A feature with GPO-like capabilities enables IT admins to remotely dictate how a whole fleet of systems will behave in their environment. Some of the system behavior IT admins need to manage includes the following: ensuring systems screen lock after an appropriate time period; disabling\/enabling Cortana or Siri; assuring all systems are up-to-date; and managing what settings and features users have access to.<\/p>\n\n\n\n GPO-like capabilities empower IT organizations to dictate all of this and more with a few clicks. While Microsoft may have led the way with GPOs for Windows devices, there are now cross-platform alternatives<\/a> that allow admins to enforce policies with greater ease across Windows, Mac, and Linux devices.<\/p>\n\n\n\n However, no directory service means no access to GPO-like capabilities, so enforcing security policies becomes a tedious, manual undertaking. This means IT admins have to physically go to each system to update it, amounting to high financial costs and time sinks.<\/p>\n\n\n\n 12 People 20 Hours Each<\/p>\n\n\n\n 2 People 6 Hours Each**<\/p>\n\n\n\n 50 Systems 150 Hours per Month<\/p>\n\n\n\n $61200 Labor Cost*** 1800 Hours\u2020<\/p>\n\n\n\n At times, employees even had to stop working on their system, so that IT could update it: each employee had to stop working for approximately 3 hours each month. In a 50 person company, that\u2019s 1,800 interrupted user hours per year.8<\/sup><\/a><\/p>\n\n\n\n The high costs associated with manually managing IT resources is just the start though.<\/p>\n\n\n\n In addition to the pain of manually managing resources, there is another task that is significantly more abundant and more painful when a directory service is not in place \u2013 changing user passwords.<\/p>\n\n\n\n Research from Mandylion Labs estimates that 20% to 50% of all help desk calls are for password resets. Additionally, the average help desk labor cost for a single password reset is about $709<\/sup><\/a>. For an organization that closes approximately 2,600 IT tickets in one year, that adds up to $91,000 spent just on IT admins changing user passwords.10<\/sup><\/a><\/p>\n\n\n\n These high costs occur when there is no core identity provider because each resource ends up having their own set of user information. As a result, managing user information is convoluted and tedious for IT admins, while daunting to end users. Users in particular find that it is too complicated to make simple adjustments on their own, so IT ends up fielding many requests related to simple tasks (e.g., password changes).<\/p>\n\n\n\n Onboarding and offboarding users is another task that is tedious and prone to human error when an identity provider is not in place. Just like with managing user information, IT admins have to go into each IT resource to add or delete a user. Take the 50+ applications found in the average organization. If these aren\u2019t centrally managed by a directory service, an IT admin has to rely on manual maintenance. A method that is not only time consuming, but also prone to human error. For example, if a user needs access to 20 applications, it\u2019s laborious to touch each resource, and add the appropriate information. When they leave the company, it\u2019s just as time consuming to deprovision them from all of their IT resources.<\/p>\n\n\n\n In the same way thousands of hours and dollars are spent on IT admins completing less valuable tasks, end user productivity is also negatively affected when unified identity management is not in place. For example, the lack of a directory service means users will likely have separate credentials for each resource. This is a problem because it means they will have to type in a different set of credentials for each digital asset. This results in the following:<\/p>\n\n\n\n Additionally, 76% of employees report regularly experiencing password usage problems. Consequently, they regularly end up taking more than 14 seconds to gain access to their resource.7<\/sup><\/a><\/p>\n\n\n\n We\u2019ve covered a lot of data related to an absent directory service\u2019s impact on productivity. So let\u2019s briefly recap the costs we\u2019ve presented so far and how they would impact your bottom line:<\/p>\n\n\n\n When a directory service is not in place, IT admins are unable to centrally manage the choices users are making, especially when it concerns passwords. This is a particularly scary problem when you realize that 81% of breaches are a result of weak or stolen passwords 17<\/sup><\/a>. The likelihood of insecure user identities increases when there is no directory service because a user\u2019s identity is not under an IT admin\u2019s control, and instead winds up being the end user\u2019s responsibility. This is a problem because you simply cannot count on your end users to follow best practices when it comes to security.<\/p>\n\n\n\n When it comes down to it, a user\u2019s curiosity and desire for convenience will outweigh security. This attitude makes the users themselves the biggest security threat at a company. Let\u2019s break down the risk presented by users and how identity management practices can either increase or reduce that risk.<\/p>\n\n\n\n A user\u2019s curiosity tends to get the better of them. For example, a study by the University of Illinois found that 50% of people who find a lost USB drive will insert it into their computer, and 70% of those people do not even take any security precautions. Furthermore, \u201cWhile users initially connect the drive with altruistic intentions, nearly half are overcome with curiosity and open intriguing files\u2014such as vacation photos\u2014before trying to find the drive\u2019s owner.\u201d18<\/sup><\/a><\/p>\n\n\n\n IT admins not only have to worry about a user\u2019s curiosity, but also their tendency to favor convenience over security. A report from LastPass found the following:<\/p>\n\n\n\n Clearly, users despise coming up with new passwords. In the event that users do create new passwords, the downside is they tend to pick passwords that are easy to remember. In fact, the top 5 most used passwords in 2017 were the following20<\/sup><\/a>:<\/p>\n\n\n\n Employees are responsible for about 46% of IT security incidents and 40% will try to hide an incident to avoid punishment. The same survey also discovered that employee negligence was responsible for losing highly sensitive customer\/employee information among 25% of companies who participated.21<\/sup><\/a><\/p>\n<\/div>\n\n\n\n Implementing a directory service can reduce employee negligence with features that can enforce password complexity, multi-factor authentication (MFA), SSH key authentication, security policies on systems, and more.<\/p>\n\n\n\n Nobody thinks they\u2019re going to be breached until they are, and some have paid a heavy price for not taking security more seriously. If you are a small company, it is easy to think attackers will not target you, but in a report from Verizon, 61% of data breach victims were businesses under 1,000 employees.17<\/sup><\/a> So regardless of company size, it\u2019s crucial to reevaluate your security posture and how many decisions are in the hands of the end user. If the results are unsettling, implementing an identity provider is a powerful starting point. Let\u2019s take a look at the data breach costs you would avoid by taking this step.<\/p>\n\n\n\n When considering the cost of a data breach in the United States, Ponemon Institute presents a number of components to consider:22<\/sup><\/a><\/p>\n\n\n\n Whether in terms of productivity, security, or simply finances, an organization can pay a high price when they fail to implement a directory service. The absence of a directory service impacts more than just the bottom line, dictating how end users and IT admins spend their time. In fact, thousands of hours can be wasted on tasks that have little-to-no value. Additionally, a directory service assists IT organizations with fortifying security by helping to take security-related decisions out of the hands of risk-prone end users and avoiding the average 7 million dollar expense attached to a data breach.<\/p>\n\n\n\n With the potential monetary and productivity loss that occurs when a directory service is absent, hopefully the question is no longer whether or not you should implement one, but rather, can you afford not to?<\/p>\n\n\n\n So, now that you understand how a directory service can bring tremendous value to your organization, which one do you choose? What makes an effective directory service, and what doesn\u2019t? If you have a cloud-forward IT environment that includes a mix of systems (e.g. Windows\u00ae<\/sup>, Mac\u00ae<\/sup>, Linux\u00ae<\/sup>), platforms (i.e. O365\u2122, G Suite\u2122, Slack, GitHub\u2122), or providers (AWS\u00ae<\/sup>, GCP\u2122, Azure\u00ae<\/sup>, etc.), consider starting your search with JumpCloud\u00ae<\/sup> Directory-as-a-Service\u00ae<\/sup>. The customer case studies below offer insight into how JumpCloud has helped organizations solve many of the productivity and security issues mentioned in this report. If you would like to talk to a person about how JumpCloud can centralize your IT environment, don\u2019t hesitate to reach out to us<\/a>. For specific information on how JumpCloud\u2019s ROI compares to other significant players in the space, mention that you would like to see JumpCloud\u2019s ROI Calculator. Of course, you are also more than welcome to start experiencing our cloud identity provider for yourself by signing up for a free account<\/a>.<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" Directory services not worth it? Hold your tongue and check the books. We’re quantifying the value of directory services.<\/p>\n","protected":false},"author":55,"featured_media":17383,"template":"","categories":[42],"collection":[],"wheel_hubs":[],"platform":[],"resource_type":[2311],"funnel_stage":[],"coauthors":[2513],"acf":[],"yoast_head":"\nWhat is a Directory Service?<\/h2>\n\n\n\n
![\"Using](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/connected-dots.png\")
<\/figure><\/div>\n\n\n\nA Directory Service\u2019s Impact on Productivity<\/h2>\n\n\n\n
IT Admin\u2019s Productivity<\/h3>\n\n\n\n
Managing IT Resources<\/h4>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/09\/page-in-computer.png\")
<\/figure><\/div>\n\n\n\n![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/stopwatch-2-1.png\")
<\/figure><\/div>\n\n\n\nIn fact, CSO conducted a survey on manually managing system updates, and one IT admin said it took the following:<\/h4>\n\n\n\n
Once they were able to implement an automated process, it went down to<\/h4>\n\n\n\n
Another report concluded that manual updates would take:<\/h4>\n\n\n\n
In just one year that\u2019s:<\/h4>\n\n\n\n
Managing User Information<\/strong><\/h4>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2019\/01\/new-red-orange-id-badge.png\"){kind=icon}
<\/figure><\/div>\n\n\n\nManaging Access to IT Resources<\/strong><\/h4>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/10\/lighter-user-dots.png\")
<\/figure><\/div>\n\n\n\n
End User Productivity<\/h3>\n\n\n\nThe Cost to Your Bottom Line<\/h3>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/calculator-2.png\")
<\/figure><\/div>\n\n\n\nA Directory Service\u2019s Impact on Security<\/h2>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/12\/light-red-shield.png\")
<\/figure><\/div>\n\n\n\nWhy Security is Best Left Under IT\u2019s Control<\/h3>\n\n\n\n
Guarding Against Curiosity<\/h4>\n\n\n\n
![\"telescope\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/telescope-2.png\")
<\/figure><\/div>\n\n\n\n
Countering Tendencies for Convenience<\/h4>\n\n\n\nThis behavior is not surprising considering another study discovered 38% of users would rather clean a toilet than create a new password.19<\/sup><\/a><\/h4>\n\n\n\n
Your Greatest Security Risk<\/h4>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/07\/silver-lock.png\")
<\/figure><\/div>\n\n\n\nCost of a Breach<\/h3>\n\n\n\n
Conclusion<\/h2>\n\n\n\n
Next Steps<\/h3>\n\n\n\n
Sources<\/h2>\n\n\n\n
72,762\/2087 = $34\/hr ; 1,800 x 34 = $61,200 average IT labor cost for manually patching systems<\/li>
72,762\/2087 = $34\/hr ; 36 hrs x $34 = $1,224\/year on manually patching 1 system<\/li>