|
|
|
Old User Accounts Pose Current Security Risks for Enterprises
By: Brian Prince
2008-05-16
Article Rating:  / 8
There are 3 user comments on this Network Security & Hardware story.
A recent study and last month's LendingTree data breach underscore the importance of managing orphaned accounts.Orphaned accounts are leaving a hole in enterprise security many companies are leaving unplugged.
A new study by eMedia USA, commissioned by identity management vendor Symark, found that 27 percent of respondents had more
than 20 orphaned accounts currently within their organization. More
alarming, more than 38 percent of respondents said they had no way of
determining whether a current or former employee used an orphaned
account to access information, and 15 percent said this has occurred at
least once.
 Click Here to Watch the
Latest eWEEK Newsbreak Video.
For the report,
released in May, eMediaUSA surveyed 850 security, IT, HR and C-level executives across a
number of industries. In addition to the other findings, the report
noted approximately 30 percent of respondents said it takes longer than
three days to terminate an account after an employee or contractor
leaves the company - 12 percent said it takes more than a month.
Though handling orphaned accounts may rank high on a companys list
of security priorities, consider what happened in the recent
LendingTree data breach: Former employees gave their old log-in
information to mortgage lenders, which used the orphaned accounts to
steal customer data.
There remains a gap between definition and process from business to
IT, and there just isnt enough automation to catch it, said Gartner
analyst Earl Perkins. I think the problem is also the lack of
awareness on the part of many enterprises about their risk and exposure
to not having good processes in place to address this. If an enterprise
has a good security policy that stipulates how these accounts should be
handled, coupled with the controls defined and implemented to make it
real, its less of a problem.
Ironically, compliance auditors may play a role in the situation as well.
Finding as many as 70 orphaned accounts, many with activity, is not
unusual at a mid-size organization, said Ellen Libenson, vice
president of marketing at Symark. "If auditors just verbally tell IT
'this isnt good, clean it up' but dont write them up, chances are the
issue goes another year without being addressed.
A number of vendors, including Symark, seek to address this
problem with their identity management tools. The technology is out
there, Gartner analyst Ray Wagner said, but enterprises need to buy in.
Compliance initiatives can help there, he said.
The tools are out there, but the larger identity management
problem is complex, he said. Projects are long-term, costly and
require buy-in and participation across the entire enterprise. Orphaned
accounts generally don't add or subtract anything from the bottom line,
so they are less visible to business leaders.
Perkins said IT pros would also like to see a consolidation of
functions with their existing user provisioning and access management
tools when it comes to large-scale implementations. For example,
allowing the compliance reporting of a provisioning tool to be able to
dashboard monitor and report on de-provisioning, he said.
|
|
�������x}r㶲s\@♵MR%heyYԩRQ"$1H.'ˮ��O7�t%_&㩱%�l�h|Ggo�D�0 8ܢd���;|�9|@D��%SjNAM3g�{ھl e��s_gp��,m�g
h{9Dm@�~5[��r�!&�֥qȏ�ͽ'c1 [t�V�;v oT|�� pfL&;�=a�>"E%�k4ً�ʏqGOw0{3-u@|ݖ|cXulAzf@h �ɠEu��L֟CԿ($fʀ�[8�#/�n�y�y��,\t
�̿{�׳��C}t3m�g�E-"GlR�ۆؼ�?0��$�O�L�E��rؗ#Y֍A,sti cM-���*R<<�Lp|˴&2͏7Z/sj�vz��9�(�p�nKV�a*:ӫn{'�ϭw~@α�{A~A7"
DT)�Jj\(�ϒDCa�:b= {3PT㍒~7jy%rX<,hv��$(I-bv=ӧH0Cƌ^8rrnuo]]^{-o~8jΐ|��bP+�M�z(#1h�ؕ�3Fz5G_/:ϚO�fGκW>m�8sِ���lnAZ|]kU[_oG�!"<0Mߑҡ~Fb=li�o]~:9o$ׅSYn_�s�`HmDi[ܺȑ\�yǛ+�a(�7F`XӀ7�? iP2\
8��X@.@ש#07ۯzxxf-Mn�"d��h�|])P3Z$j9�2�3=Pr5&Sk~�$M��cb.L2o2|)�m̗U/d`(AK/g-
�5t*軤(If0[A0<^f/�_��\RG�
1
p1S{n2�.sd>U<8y�vwܬ�u"*մ�[fhE�ށؓYtjeOVx��ǫ
�#�KEHYf7-wI09ꨦUʇ�+%Y��EPU
_1�q�-~~j0B��m�]&
:V}y0�`�h
�vz?3�Ϩagnۉ!9~��tD�AG66^lzK�裩I��Xn`vt��Hoqp{4�ڭ�-%H_� ><��ZN;��=H:}m�`�9�5$'CMߟ��-�s#09ww��ښA�<�Q]ӡ4}a�
h�p.pp�yY?90��d}
�w�,�߽9�#z[MK��x�G�zR�N\Qo�DM�2(%�E2� E�EK�i�@(� $h�O`��r���,l�bo(?LH�X-�VpD�Jm'8Ν3PKR�X�){T�Kh+�K@f:34YIJM�GѺń(VFND��l�0��Vf)Д
/�kb*q��(
tzS\O�Όō$����ЊOW}��?ٲZdY6 V7v/KT:�߮LR[k�
��2L����ZԵ1�� E�$$BY�`}.e�G�QH�īd�-
�&m;@=pl=5Ǡ}nP
jrAjS#��4E:,Wfn
����(��!r?-j(6�/3XSq�;h�zE>wH;\Ocg@>`��s?Q,C,8c�4)L>Eװ�H��ZU�{)u�&\�$(e\�8��V,'Ё*8t5u{yq?_Y�Z®tѐ/x泫Vp�
;Dۣ�h2�f��ñiHuߴ��iF̫%e��XȏE}�T5F" �D�ȸla,r�i�L*gXs�>Qid^0�RKc�Px�P߄3sHL(�T2`�ǎ73]�eaauEwPySm&�v�wd�70�M�9C���LKo3:;Ģ4Q}�(���Mքk&.}{�:�
;21�2&�z#Cv5 ��O�ˌJC4By^�YpQ.P8Ufj�tazt��ߙyx
dEM\CNyHlW��196M4qW;��P�RCP��Σe�O�#c#l��ʂt��!W�MUm�#Xݘ
`��1}jD�a�#�CP`wf0%�+
#m6QJc�8M vV�;��Դ)�R+b::>J��N枏�Kӥ����,ć#� 4i
0�X[�⚪T��}fW�7{%|h��#R�@
`�!
Kx{�ZCAk2۩Dw\܁c2P>H(T�g7gME]ac6U�{zn&�)ZMMU;4
OcIۛp3|9]|j9s#OPM�G9�F T,ۀ
^�0�93+Z_H]MM:f2/��c�>ϣ��#W5�oK�HDO"K�>�uKlm�?`g�`pl1�\APB7 l裛+7e�*r6=_�?�K=�[L4�@V1M0]��̞�̙�-m�dۨ�X9 2<`�(vX�Z`gOpTcHj[}'Xc0IeP3 æRR�U@V_A�ұg�/s_�5G=]y4sk'Si
l}[U�Ӕю�"eάɢ7(���C�i@/%9�T1 Vc>�?/$RAr+T54OxR,WEzy��,(U|<
B D*>"'w�ŏ�[oȧUrmVՏG>+�+~
E��Qռn0T�BE-) C���6��9
^��
LKfb;w?lͅ�Z57g�X~�sB�5�x)��@%enrI�Mq�{a/;CnK�-%.O@^ذ:z�6]ܒ(tם7.6 �21�$v��˽'j��H@KY�|P�FV*ӪV�$$< 7�C7�d',-�LGI4^�:&.2O�%ss�<
��⿂On{ܝ9Ѝ���FHΝ�rQӊ 5`JR�'0��阆�cĵ��) r^-�GYdQ.��|aR)�V8N3A��z'�
�vB�q]6�p����^a?up�-49^�I�(4T�xϰL�'�
eVqc?3 c�C7O�{=NL_BP`��&w,OɪO@T�#N��{?J#R>Y/5:/Gx�yg/vݽ8"�"hc~���D߫%~%<�j�ԾhuDJ�V-�_u?]4v&Ӹoٷ)��P �K Nc�bw}�ɾ3l4�6|v:����2�DH�4|w;�Nq}!}=^x}ђ's=B DH#䄬�W!zN[fS L
k;d8)(hdqH;z0M�6��:Uuʼn��b9�kI*D|=d_5�gHܠ
ʣa4l5/q�֭
Bb/�3Bd|PRc� (ʱ�=`=����`
Ɉfwy��N�αF_d�B@np�kz!NU��e,$+�e3ғ2p%5[ݫ�'
<��9gxDin/b��~C<�B<�/Mp<&�
]l=8,rl%uF;L�d�Nlp
l{`ycr�F�4-��_����w j�E�P�ARB�9kũ-pOӖO\�fax!u-(q�%՝b"(oBٺCO��,l}[�[��͘xI�S2%I�"ϔ �m$IjSf�k��C@$ğ_2JIv(+6Ht(dAz�j��Ӛ]e�.iw6D2F��M`l)JZa!A|)J|
>m@�� Rr';$%}@J^KJPW&BR�
0><�@�s`S¼*GC^=�{GNÊĶ3��= m{'�M{q?K8�t2Ti\'sXrw{ѺB��?݁M5=ICw5�chJNj=�/5g3@
\:`A�)cn
��~]��ު8E�q\x,3uY>�]bw�P�[_zŞYiIu�9/s\�-"�nZZ⽸�|:W90.�=y$/A�v} ,D>?GFm`"fFs�8EE[o\g�mef7cր!{� Rb'�O�mMN���i���zc{ƹ�39���@�*y�x�\�[w5&P)<��A~F<�v�4�)[7yΛZ}hn;�d�⫆ܖ�~�@F'�ZY�X��W+�*?�c+ޙU^�?�2�%;l�ߖ��c3�cp/*
_�?�ZR|
���.w�?дg=.00yS�/rK[�⹏^}lQۏo%~2;-���X#N�o`.C~eዘ֧tfڰ*[AgI-C9B{ܫ1mR+x ڱ
1gDu�p�8{A~N쐻�Ģ�&G[uX!&die�,�Ax. ?egID#�o�_�C�v�MÃ�&-UZ1Ѷ,��8�fX9,Ҥ刓&&0O?*c(b�=,,A?ʛ�{6=�l�����
*8Me"L/ezo>P�6Kޛw2�g@
_�r t)X>X?&Nj�(}�gIhqp'F~!0n!;T.:^?8wRYm!6?�hu���Ohw׆�.Hp�[
GP8=zgQT?ZgYElT�T��_p'R�]/5Y;�O'Ȕ,Il�vqU�=7 S%98)y�T-8Yr9mHƐ܄^:"+ YYy֧Tڧ��
f�=��A1&��F}Y��L kO�ćKS�hE^+%&W+�gYhY`nޠx?�?��ȮyO-L}�!$6.��~k�ZZTvx�>)j o�*rgM,�
*&5PG ѐr6nWF/]xn`,wOKC ��OAbY0��T)"�9'pRT�ߊ.J+���0��:Kp�Џ��ً�1XMS2Y!,S뫗,�~ޯATUҊo�2U{.zH���_P�T�0,�K}!Z���|Y�JB
M})63H�`�>iF`��5��HjI-�6"#= '�cΫgG_gV!DU$op[.<�ywLcƲ(˗O�Z �"ȶ{�,o�RP*Ad-FGuI�p��z
}6xy$.{�-���2�[o�,v�Re |,��g���ȁaI�J�P�@�e~"ЫgLd>��G�+mKwg=�k0���W�@5�LnB�Ix2R�;`{6S`»�k<`>H�'4χ�sόUkmKg'.t,Mgh?ҙ >Őz�eX)eS�2F%d;�HAr�a��uQq�1(?⥗�5�IRe��O7~*�]�C{SN
Tb��bD@JE-Wlɨ
0�a0孰�&_�k/CV^�1�B|=��9,c|l�b�^� O|俹俹俹俾KZ*Ow=,"
)ۤ
�ezF�ݚ]j9DR[dFgT9="�Pg8C$�D� @$�"!�Y{ZԘP�AW�SP /oIs]�
N(�F҅# �ZdSV>хa"'%jbnI ^�/�`^g&zB�5.�LQC*Bay
MzwD�G��*$D8$" m�AJD<����ޒJ/,/Nu[Hy � k<�G0l6�]
-?�<�H�OI�g&�^��� �BZvS
��
{۱ַ��&�
&d%N��gmx9a7Rb���*{"-
c
q$%?[�=p�\%r3�\-O:5!p��*C!�_@0Gon`֝0
Cߘ@{+0B"t?@-cn1$;1yLHj�~ж}A˽=V�4Ic
mY�[`cX�EIjw0m-m�Yޣ3疮)|Ur�ZZ$&ϲ4[>�@-�@ȼ=M�lD5:!k]J�E:`�ZC�aqX3SoN��%�Xy��"OQ�G+ɻ��p�zD�)�MuL�Eu~ 3槯\_,Ҷ��9Ioq"|~|W�saYɀ{9=0na,�S&Lm!�90�Ǽ�l�c"'�QiH��:�[PP*(w�՞��1l��˖C/0经UztWc
3K襍ҵτx��!})��п���{wn/1�~݊+�6&KS?�iҙ��H
Wkn3R)5ܫ9?S\mD��9v�osȑ�ۋuN퇩ўb|4,�R,�&Yqۏ�o[ͳ�.04&��S�tA>n�MNjz.�:?�K m+6a^ ʇ&[Q{Za+(`�6�*f63ZI
B\$Zz�B<_[tVOD.0F��P#�S�C��,6M$Ae�Ѓ5T?�0н~�n�ZU{�КXW�t bJ nZ,E�h 7]�0*
>&wA>po2|SP�ʕ�U+%=hp����&̋XH�t<.$:�I�6ȭ4�Fd.$1��qy5`G�;���
joE�ֹIz# ,@0e슍\��a��B�p[GF\{~uC��@
嵉Dp@n%X癉[@[ 죋L!sߴς
(�� (�]Af�3�Bxt'ln�M�V>�{�χ\n\�h[�:�L8!�iΣ?ߌjW�=P)`�#}A~b�C:�
lZF�� 7F(Є��G#Os3UǸZ�sx�X���m�!�a����{Ό6")(0c1Cd)x
�Ys��ӆ�$m�F�у("|/��#D[/d �6C��;b<1c|>O�c(��Q�@Ĩb)��(a�WE����@O��,�,(Ϗ�B5D���*%n67P�F�WIέ�03�L�\��Y�ej��xp�Ƨ�x�}��)(?�m>�5Kqf�ldaQ(�b:M�u?��}�.%n���KM 9b$��!%�H$bcx=9aacrdF�a]N͑/#~|a�P8�\
��+z+U'I]U@)p!xW`ǪZJ$ Pv'xu;n?ע.4!W�)WPh����r#cvFC�d���|a3B}3X`j�rֽ"
rvjާU^y��@a[k�N|SwN//gU�hbv>J5mkL�ide(A.��S�r[Ԟpi.$�"Gcɂw�ᝧ%;飱<��$m(�0%lyї�5�1o��(6ɭ�Fyllŵv�g5^�Lˢ�%!uԢ@oJ�cr��M�_p���4ħ�yO�\=4[E9yFG(Q�Q~�WO�@.w3ʑ˛f+�O7�~2�>?A�ڹv3Wo73ʡ}Q�ogc/W(�_6��Ꝍ;��N�|o'��O'�?��'c�N�}v>;�S\�ȜHqaN@�B�r��D��4��{HO8ѭ<\�zI[��xi0?x�sb��*9���n
9����#p�}
~iMnڧ\�v��<2kӫk+kp'k͠~�%s"N^��5ýEY�R�W8k�Mg4?
~r'܌��5>N?]_�Һh�.�[=
쓥/>gA7gn"��B8�Cw0
d�p=�.ʼnS�
;wE-=�
>}58]W�nރ97p�M�g��n�F�$5sC\ԴZjRs'WdQp@Dd��5ɪ"+Uw9 ط��V++b�`"!
*�s>P�`26UJ`
�z!�J1
�4c֭dK1;BDO"�щiFM$We",e��ȢȗᄽIگ�!�ā`
�}pTR�P}oy�
=s�
�YI��=�?r{I�2hؐCK؊9NحQ0�
S|wL�35<>HZ~�nܸ|Y�3I�r/2cڵTB\]i3 &�W$࣭A;=�M�,i_cErb9��Gu�Z�Q�8݈8��3%wwZf$�.$|'�Z,�mc6H[m�gvnC�k?vu7L_'/$N*۾d$ӧ�u�g}IzHzݥ}c҇«�E/=�ׇ"��cX
=��w`?EbС�_456p�twkd9HR�=�I�*4uMf�βْ�4-��szn%0)%� �KBl�m�WH-{X�|@ăx!$k0W���p[�a#,!
|t,Cfc��c֒�_6/gwc;MzK9[(�(&�]�a�#U%�$tfP/��9"Ź
oPm��B����wC�w�
,��AQ6�v�@u+J�"@2x̴u{$/;vc�3)f���GNFp)N�<}q?ڢ�u+�ğ? \��cwH�V�0ΪT�U|�l>cx w}�o|2DׁݞV���OXo}
8l�O.�h|�}́ XsCQ%`
�=[-H�ˍt�_&%�\"d<�l4�@FWD0;"����ZYm"sE��%��X,8/# �uf4[�;>�BA��r"#��v
ǯ-�'�yvJ^�Qt�7tlmb�@�J\�� Tܯ-ތpP5k�+W�ei$ցi.��>�ΈRnãō�H�Ǹӭ��[�qy6` <Щ�1D\bv�E9b6M�
�Ѩ�pCTؕE�l�d�|Nuu~��ve+{@760*
<9-o��@�>���{~��w!Ǹ�0tcz7^?ͳ-lI12��,�$8zIW�{{a0��&iE㨤t`C
v�_ʉ~ph;?�҈>A� wVǰ�.XF!Ƨۅ7�'T�S*�4.v>ϭ>Z\:9Zp�Ϣy9u�3E~�cw�.^�A-F�14Mo,gkV�TF�\L�味<��A�C9Xq�k @c݄6:�L]L�l&j1Bi>c1�w1�LX�+0_m�k��ASs�DeU��|tCGYEL`&;]+�NJ�9=O9*�R"L0M���Är"5poq-ye��әH��pK��xq�Ba��ʩȩ(v�}_\%hw2b5�biORVl/'+e={Tw r9̳��`b�hPlQSVI�Fv3�HZ�\֓CX-lu; o]��jm٦d�U4s�_jj*J6
|
Network Security & Hardware 
