two
Volume 6, Number 21 -- May 28, 2008

Orphaned Account Risk Underestimated, Symark Says

Published: May 28, 2008

by Alex Woodie

A survey commissioned by Symark International found a disturbing level of management ignorance concerning orphaned accounts, or user accounts that remain active after an employee has left a company. The survey suggest that one in three organizations has little knowledge or control over orphaned accounts, which increases the risk of a disgruntled former user compromising an organization's security.

Symark's survey of 850 IT, C-level and HR executives, which was conducted earlier this year by eMediaUSA, examined the prevalence of orphaned accounts in the enterprises, and the processes the enterprises have in place to locate and terminate them.

Here are some of the more alarming results from the survey on orphaned accounts:

  • 42 percent of respondents said they do not know how many orphaned accounts exist within their organization
  • 30 percent said they have no procedure in place to locate orphaned accounts
  • 30 percent said it takes longer than three days to terminate an account after an employee or contractor leaves the company, while 12 percent said it takes longer than one month to do so
  • 38 percent of respondents said they had no way of determining whether a current or former employee used an orphaned account to access information
  • 15 percent said a former employee has used an orphaned account to access information at least once.

The results highlight the very real threat that inside users--as opposed to hackers outside an organization--pose to organizations, according to Bob Farber, CEO of Symark. "By now, most security professionals understand that a vast majority of data breaches involve some sort of insider impropriety," he says. "However, the threat from within continues to remain a major hurdle, largely due to the sheer number of avenues available to an employee to carry out malicious activity.

"As the sobering results of this study demonstrate, orphaned accounts represent a major security and compliance challenge and are often overlooked as a potential threat vector," Farber continued. "It is clear that organizations must implement polices and technologies to ensure that user accounts are terminated swiftly as soon as the employee leaves the company, especially for large, international enterprises managing locations across the globe."

Symark, as you might have guessed, develops a line of software that sheds light on user accounts and the access these accounts give them within large organizations running a mixture of different platforms. The company's flagship product, PowerBroker, implements a series of processes around the use of powerful user profiles. Symark offers similar capabilities for i (formerly i5/OS) with PowerKeeper.


RELATED STORY

Symark Tackles Tough Access Control Problems



                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot


Sponsored By
WORLD DATA PRODUCTS

FREE Intel Server Spec Book.

FREE 86-page Server Spec Book. This new 86-page guide from World Data Products is the definitive resource on processor, memory and storage specifications for Dell PowerEdge, HP/Compaq ProLiant, and IBM xSeries servers.

A must for everyone involved in the design, installation and maintenance of servers.

To order click here or call 800-553-0592.


Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

COMMON:  Join us at the annual 2009 conference, April 26 - April 30, in Reno, Nevada
MoshiMoshi:  An Interactive Experience for the System i Community. See Episode 1 now!
Storage Guardian:  Remote backup services at a special rate of $8/compressed GB/month

 

 

IT Jungle Store Top Book Picks

Getting Started with PHP for i5/OS: List Price, $59.95
The System i RPG & RPG IV Tutorial and Lab Exercises: List Price, $59.95
The System i Pocket RPG & RPG IV Guide: List Price, $69.95
The iSeries Pocket Database Guide: List Price, $59.00
The iSeries Pocket Developers' Guide: List Price, $59.00
The iSeries Pocket SQL Guide: List Price, $59.00
The iSeries Pocket Query Guide: List Price, $49.00
The iSeries Pocket WebFacing Primer: List Price, $39.00
Migrating to WebSphere Express for iSeries: List Price, $49.00
iSeries Express Web Implementer's Guide: List Price, $59.00
Getting Started with WebSphere Development Studio for iSeries: List Price, $79.95
Getting Started With WebSphere Development Studio Client for iSeries: List Price, $89.00
Getting Started with WebSphere Express for iSeries: List Price, $49.00
WebFacing Application Design and Development Guide: List Price, $55.00
Can the AS/400 Survive IBM?: List Price, $49.00
The All-Everything Machine: List Price, $29.95
Chip Wars: List Price, $29.95


 
The Four Hundred
The Way IBM Sees New Versus Prior i Platforms

The Server Biz Enjoys the X64 Upgrade Cycle in Q1

Evans Data Ranks Integrated Development Environments

As I See It: The Programmer as Artist

Reseller Mainline to Acquire Competitor Cornerstone

The Linux Beacon
Red Hat Continues Feature Expansion with RHEL 5.2

Novell Delivers Service Pack 2 for SUSE Linux

The Server Biz Enjoys the X64 Upgrade Cycle in Q1

As I See It: The Programmer as Artist

Global Sales Save HP's Financial Cookies in the Second Quarter

Four Hundred Stuff
Paglo Aims to be the Google of IT Management

RPG Programmer Avoids 'Learn Java or Flip Burgers' Pitfall

Lieberman Adds i OS Support to Password Program

KST Offers DataTrigger to Protect DB2/400 Files

Kisco Clamps Down on FTP Exposure with SafeNet/400

Big Iron
Reseller Mainline to Acquire Competitor Cornerstone

Top Mainframe Stories From Around the Web

Chats, Webinars, Seminars, Shows, and Other Happenings

Four Hundred Guru
Use PCOMM Scripts to Dynamically Build a Spreadsheet, Part 2

Use SQL to Strip Out Tab Characters

Admin Alert: Monitoring the Monitors

System i PTF Guide
May 24, 2008: Volume 10, Number 21

May 17, 2008: Volume 10, Number 20

May 10, 2008: Volume 10, Number 19

May 3, 2008: Volume 10, Number 18

April 26, 2008: Volume 10, Number 17

April 19, 2008: Volume 10, Number 16

The Unix Guardian
Global Sales Save HP's Financial Cookies in the Second Quarter

NYSE Euronext Trades Mainframes and Unix for Linux and X64

Sun Updates VirtualBox with Native Solaris Support

HP Ships Insight Dynamics for Managing Physical and Virtual Machines

A Word Cloud of IBM Server Brand Names

Four Hundred Monitor
Four Hundred Monitor's
Full iSeries Events Calendar

THIS ISSUE SPONSORED BY:

IT Security
Storage Guardian
Danik Consulting
World Data Products
MKS


Printer Friendly Version


TABLE OF CONTENTS
Microsoft Reverses Course, Opens Office to ODF

Intel and Itanium Partners Gear Up for Quad-Core Tukwilas

Hyper-V RC1 Released as Microsoft Shares Performance Data

Paglo Aims to be the Google of IT Management

The Server Biz Enjoys the X64 Upgrade Cycle in Q1

But Wait, There's More:

That Windows-on-Power Rumor Surfaces Again . . . The Server Biz Enjoys the X64 Upgrade Cycle in Q1 . . . Evans Data Ranks Integrated Development Environments . . . Orphaned Account Risk Underestimated, Symark Says . . . The IT Services Business Keeps On A-Growing . . .

The Windows Observer

BACK ISSUES





 
Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement