fhs
Volume 8, Number 21 -- May 27, 2008

Orphaned Account Risk Underestimated, Symark Says

Published: May 27, 2008

by Alex Woodie

A survey commissioned by Symark International found a disturbing level of management ignorance concerning orphaned accounts, or user accounts that remain active after an employee has left a company. The survey suggest that one in three organizations has little knowledge or control over orphaned accounts, which increases the risk of a disgruntled former user compromising an organization's security.

Symark's survey of 850 IT, C-level and HR executives, which was conducted earlier this year by eMediaUSA, examined the prevalence of orphaned accounts in the enterprises, and the processes the enterprises have in place to locate and terminate them.

Here are some of the more alarming results from the survey on orphaned accounts:

  • 42 percent of respondents said they do not know how many orphaned accounts exist within their organization
  • 30 percent said they have no procedure in place to locate orphaned accounts
  • 30 percent said it takes longer than three days to terminate an account after an employee or contractor leaves the company, while 12 percent said it takes longer than one month to do so
  • 38 percent of respondents said they had no way of determining whether a current or former employee used an orphaned account to access information
  • 15 percent said a former employee has used an orphaned account to access information at least once.

The results highlight the very real threat that inside users--as opposed to hackers outside an organization--pose to organizations, according to Bob Farber, CEO of Symark. "By now, most security professionals understand that a vast majority of data breaches involve some sort of insider impropriety," he says. "However, the threat from within continues to remain a major hurdle, largely due to the sheer number of avenues available to an employee to carry out malicious activity.

"As the sobering results of this study demonstrate, orphaned accounts represent a major security and compliance challenge and are often overlooked as a potential threat vector," Farber continued. "It is clear that organizations must implement polices and technologies to ensure that user accounts are terminated swiftly as soon as the employee leaves the company, especially for large, international enterprises managing locations across the globe."

Symark, as you might have guessed, develops a line of software that sheds light on user accounts and the access these accounts give them within large organizations running a mixture of different platforms. The company's flagship product, PowerBroker, implements a series of processes around the use of powerful user profiles. Symark offers similar capabilities for i (formerly i5/OS) with PowerKeeper.


RELATED STORY

Symark Tackles Tough Access Control Problems


Back to the Web Version

TABLE OF CONTENTS
Paglo Aims to be the Google of IT Management

RPG Programmer Avoids 'Learn Java or Flip Burgers' Pitfall

Lieberman Adds i OS Support to Password Program

KST Offers DataTrigger to Protect DB2/400 Files

Kisco Clamps Down on FTP Exposure with SafeNet/400

News Briefs and Product Shorts:
Love's Likes CCSS for PCi . . . Orphaned Account Risk Underestimated, Symark Says . . . Pepsi Bottler Uncorks Application Modernization with looksoftware . . . JDE EnterpriseOne Certified for i 6.1 . . . Manufacturer's JDE System to Be Extended with SM-Plus . . .


Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement