Volume 8, Number 21 -- May 27, 2008

Orphaned Account Risk Underestimated, Symark Says

Published: May 27, 2008

by Alex Woodie

A survey commissioned by Symark International found a disturbing level of management ignorance concerning orphaned accounts, or user accounts that remain active after an employee has left a company. The survey suggests that one in three organizations has little knowledge or control over orphaned accounts, which increases the risk of a disgruntled former user compromising an organization's security.

Symark's survey of 850 IT, C-level and HR executives, which was conducted earlier this year by eMediaUSA, examined the prevalence of orphaned accounts in the enterprises, and the processes the enterprises have in place to locate and terminate them.

Here are some of the more alarming results from the survey on orphaned accounts:

  • 42 percent of respondents said they do not know how many orphaned accounts exist within their organization
  • 30 percent said they have no procedure in place to locate orphaned accounts
  • 30 percent said it takes longer than three days to terminate an account after an employee or contractor leaves the company, while 12 percent said it takes longer than one month to do so
  • 38 percent of respondents said they had no way of determining whether a current or former employee used an orphaned account to access information
  • 15 percent said a former employee has used an orphaned account to access information at least once.

The results highlight the very real threat that inside users--as opposed to hackers outside an organization--pose to organizations, according to Bob Farber, CEO of Symark. "By now, most security professionals understand that a vast majority of data breaches involve some sort of insider impropriety," he says. "However, the threat from within continues to remain a major hurdle, largely due to the sheer number of avenues available to an employee to carry out malicious activity.

"As the sobering results of this study demonstrate, orphaned accounts represent a major security and compliance challenge and are often overlooked as a potential threat vector," Farber continued. "It is clear that organizations must implement policies and technologies to ensure that user accounts are terminated swiftly as soon as the employee leaves the company, especially for large, international enterprises managing locations across the globe."

Symark, as you might have guessed, develops a line of software that sheds light on user accounts and the access these accounts give them within large organizations running a mixture of different platforms. The company's flagship product, PowerBroker, implements a series of processes around the use of powerful user profiles. Symark offers similar capabilities for i (formerly i5/OS) with PowerKeeper.


Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.


Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
