Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Small Business

    Old User Accounts Pose Current Security Risks for Enterprises

    By
    Brian Prince
    -
    May 16, 2008
    Share
    Facebook
    Twitter
    Linkedin

      Orphaned accounts are leaving a hole in enterprise security many companies are leaving unplugged.

      A new study by eMedia USA, commissioned by identity management vendor Symark, found that 27 percent of respondents had more than 20 orphaned accounts currently within their organization. More alarming, more than 38 percent of respondents said they had no way of determining whether a current or former employee used an orphaned account to access information, and 15 percent said this has occurred at least once.

      Click Here to Watch the Latest eWEEK Newsbreak Video.

      For the report, released in May, eMediaUSA surveyed 850 security, IT, HR and C-level executives across a number of industries. In addition to the other findings, the report noted approximately 30 percent of respondents said it takes longer than three days to terminate an account after an employee or contractor leaves the company – 12 percent said it takes more than a month.

      Though handling orphaned accounts may rank high on a company’s list of security priorities, consider what happened in the recent LendingTree data breach: Former employees gave their old log-in information to mortgage lenders, which used the orphaned accounts to steal customer data.

      “There remains a gap between definition and process from business to IT, and there just isn’t enough automation to catch it,” said Gartner analyst Earl Perkins. “I think the problem is also the lack of awareness on the part of many enterprises about their risk and exposure to not having good processes in place to address this. If an enterprise has a good security policy that stipulates how these accounts should be handled, coupled with the controls defined and implemented to make it real, it’s less of a problem.”

      Ironically, compliance auditors may play a role in the situation as well.

      “Finding as many as 70 orphaned accounts, many with activity, is not unusual at a mid-size organization,” said Ellen Libenson, vice president of marketing at Symark. “If auditors just verbally tell IT ‘this isn’t good, clean it up’ but don’t write them up, chances are the issue goes another year without being addressed.”

      A number of vendors, including Symark, seek to address this problem with their identity management tools. The technology is out there, Gartner analyst Ray Wagner said, but enterprises need to buy in. Compliance initiatives can help there, he said.

      “The tools are out there, but the larger identity management problem is complex,” he said. “Projects are long-term, costly and require buy-in and participation across the entire enterprise. Orphaned accounts generally don’t add or subtract anything from the bottom line, so they are less visible to business leaders.”

      Perkins said IT pros would also like to see a consolidation of functions with their existing user provisioning and access management tools when it comes to large-scale implementations. For example, allowing the compliance reporting of a provisioning tool to be able to dashboard monitor and report on de-provisioning, he said.

      Brian Prince

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×