Orphaned Account Risk Underestimated, Symark Says
Published: May 28, 2008
by Alex Woodie
A survey commissioned by Symark International found a disturbing level of management ignorance concerning orphaned accounts, or user accounts that remain active after an employee has left a company. The survey suggests that one in three organizations has little knowledge or control over orphaned accounts, which increases the risk of a disgruntled former user compromising an organization's security.
Symark's survey of 850 IT, C-level and HR executives, which was conducted earlier this year by eMediaUSA, examined the prevalence of orphaned accounts in enterprises and the processes those enterprises have in place to locate and terminate them.
Here are some of the more alarming results from the survey on orphaned accounts:
- 42 percent of respondents said they do not know how many orphaned accounts exist within their organization
- 30 percent said they have no procedure in place to locate orphaned accounts
- 30 percent said it takes longer than three days to terminate an account after an employee or contractor leaves the company, while 12 percent said it takes longer than one month to do so
- 38 percent of respondents said they had no way of determining whether a current or former employee used an orphaned account to access information
- 15 percent said a former employee has used an orphaned account to access information at least once.
The results highlight the very real threat that inside users--as opposed to hackers outside an organization--pose to organizations, according to Bob Farber, CEO of Symark. "By now, most security professionals understand that a vast majority of data breaches involve some sort of insider impropriety," he says. "However, the threat from within continues to remain a major hurdle, largely due to the sheer number of avenues available to an employee to carry out malicious activity.
"As the sobering results of this study demonstrate, orphaned accounts represent a major security and compliance challenge and are often overlooked as a potential threat vector," Farber continued. "It is clear that organizations must implement policies and technologies to ensure that user accounts are terminated swiftly as soon as the employee leaves the company, especially for large, international enterprises managing locations across the globe."
Symark, as you might have guessed, develops a line of software that sheds light on user accounts and the access these accounts give users within large organizations running a mixture of different platforms. The company's flagship product, PowerBroker, implements a series of processes around the use of powerful user profiles. Symark offers similar capabilities for i (formerly i5/OS) with PowerKeeper.