Keeping track of user
IDs"> But it is a complicated process, and experience has shown that many companies are not as effective as they should be in keeping track of user IDs for employees, contractors and consultants, he said. A Meta Group Inc. research report indicates that most companies are remarkably ineffective when it comes to tracking down expired user IDs.But when they depart, only about 10 of those IDs are deleted, leaving 37.5 percent of themselves behind. This occurs because companies dont have integrated systems for tracking all application access permissions, Moritz said. It may be easy to track the standard access rights that are given to all employees and contractors, he said. But typically, workers are also one-time or continuing access to specialized applications that are beyond the standard log-on process. They are also the ones administrators typically miss when workers move on, Moritz said. All of those missed user IDs "could create a lot of problems for a company" if a former employee or consultant contrives a way to regain access to the system. They might do this by asking a friend or fellow consultant still working at the company to check if a certain account is still running. If so, it provides an opportunity for that person to access and possibly compromise data, set up fraudulent accounts and end up costing a former employer substantial amounts of money, according to Moritz. "This is not necessarily something that is common, but it is not uncommon either," he said. There have a number of such incidents in the past, and with the heightened concern about the integrity of personal records and identity theft, enterprises want to pay closer attention to user ID security, he said. Click here to read about Microsofts preparations to introduce a unified ID management suite to run on top of Windows Server. Until it acquired eTrust Cleanup from InfoSec, CA resold it as a third-party application. It will now become part of CAs Trust product family, which includes CA-AFC2 Security or the eTrust CA-Top Secret Security packages for the IBM z/OS mainframes. The eTrust Cleanup acquisition "provides us with the last piece that we needed [for ID and access management], and that is the mainframe piece," Moritz said. The company had already implemented identity management applications on smaller-scale server platforms, he said. The real value of having eTrust Cleanup as part CA security product family "is being able to have control over future development" of the product, he said. The company will be able to more fully integrate user ID provisioning and de-provisioning so "we can administer all level of account lifecycle from one interface," Moritz said. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Meta Group estimates that on average employees are assigned 16 IDs to gain access to various applications during their stays.