Business units should enforce your key authorization use cases and simplify granting users access to data.

The business unit can represent a specific department within your organization. A common exception to this method of segregation is the IT organization may not be a single business unit. The IT infrastructure may be separated out within the various business units being served even if the IT organization is centralized. Applications can be placed within the business unit which they serve.

An alternative structure could segregate business units based on ownership. This would include one or more infrastructure departments which serve the rest of the organization. Applications would be placed within the development organizations which maintain them. Development organizations may service multiple business organizations. This methodology splits the application and network functionality across business units.