- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
De-provisioning is the act of removing access for a user's account while not necessarily removing the account (which most likely will still be needed for a while for compliance auditing and other reasons). Almost all current provisioning software includes modules to de-provision accounts, but that hasn't always been the case. As I noted in an article about the first identity provisioning application, back in 1999, de-provisioning was in the road map for the second release. By now I'd expected that a) just about everyone would have installed provisioning software; and b) most of those would include de-provisioning as a feature. I was wrong.
Symark International has made its name in privileged account management (see “Symark makes its own mark in the privileged access market”). They recently commissioned eMediaUSA to survey more than 850 security, IT, HR and C-level executives across all industries about orphaned accounts - user accounts that remain active after an employee has left a company - and the processes organizations have in place to locate and terminate them. The results were surprising to me.
The study revealed that 42% of businesses do not know how many orphaned accounts exist within their organization, and 30% of respondents said they have no procedure in place to locate orphaned accounts.
Now that could be because they’re all using good de-provisioning software and haven’t felt the need to explore their accounts further. But even with that Pollyanna-ish reading of the result, those execs appear to think they are living in a world where nothing ever goes wrong.
More troubling, though, were some other results:
• Approximately 27% of respondents said that more than 20 orphaned accounts currently exist within their organization.
• More than 30% of respondents said it takes longer than three days to terminate an account after an employee or contractor
leaves the company, while 12% said it takes longer than one month.
• More than 38% of respondents said they had no way of determining whether a current or former employee used an orphaned account
to access information, while 15% said that this has occurred at least once.
Flashing red alarm lights should now be going off in your head. Drop what you’re doing and organize a way to investigate the possibilities of your orphaned accounts. But beyond that, get to work on a solid de-provisioning plan. If your provisioning vendor can’t help, I’m sure Symark would be ready to jump into the breech.
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment