Keeping track of user IDs

By John Pallatto  |  Posted 2005-03-31

But it is a complicated process, and experience has shown that many companies are not as effective as they should be in keeping track of user IDs for employees, contractors and consultants, he said. A Meta Group Inc. research report indicates that most companies are remarkably ineffective when it comes to tracking down expired user IDs.

Meta Group estimates that on average employees are assigned 16 IDs to gain access to various applications during their stays. But when they depart, only about 10 of those IDs are deleted, leaving 37.5 percent of them behind.

This occurs because companies don't have integrated systems for tracking all application access permissions, Moritz said. It may be easy to track the standard access rights that are given to all employees and contractors, he said. But typically, workers are also given one-time or continuing access to specialized applications that are beyond the standard log-on process. These are also the IDs administrators typically miss when workers move on, Moritz said.

All of those missed user IDs "could create a lot of problems for a company" if a former employee or consultant contrives a way to regain access to the system. They might do this by asking a friend or fellow consultant still working at the company to check if a certain account is still running. If so, it provides an opportunity for that person to access and possibly compromise data, set up fraudulent accounts and end up costing a former employer substantial amounts of money, according to Moritz.

"This is not necessarily something that is common, but it is not uncommon either," he said. There have been a number of such incidents in the past, and with the heightened concern about the integrity of personal records and identity theft, enterprises want to pay closer attention to user ID security, he said.

Until it acquired eTrust Cleanup from InfoSec, CA resold it as a third-party application. It will now become part of CA's eTrust product family, which includes the CA-ACF2 Security or the eTrust CA-Top Secret Security packages for the IBM z/OS mainframes. The eTrust Cleanup acquisition "provides us with the last piece that we needed [for ID and access management], and that is the mainframe piece," Moritz said.

The company had already implemented identity management applications on smaller-scale server platforms, he said. The real value of having eTrust Cleanup as part of CA's security product family "is being able to have control over future development" of the product, he said. The company will be able to more fully integrate user ID provisioning and de-provisioning so "we can administer all levels of account lifecycle from one interface," Moritz said.

John Pallatto is eWEEK's Managing Editor News/West Coast. He directs eWEEK's news coverage in Silicon Valley and throughout the West Coast region. He has more than 35 years of experience as a professional journalist, which began as a reporter with the Hartford Courant daily newspaper in Connecticut. He was also a member of the founding staff of PC Week in March 1984. Pallatto was PC Week's West Coast bureau chief, a senior editor at Ziff Davis' Internet Computing magazine and the West Coast bureau chief at Internet World magazine.
