The Earthtimes online News
Home

Survey of More Than 800 IT Personnel and Executives Exposes Ubiquity of Orphaned Accounts as a Critical IT Security Vulnerability

Posted : Mon, 19 May 2008 12:40:05 GMT
Author : CA-SYMARK-INTERNATIONAL
Category : Press Release
News Alerts by Email click here )
Create your own RSS
News | Home
AGOURA HILLS, Calif. - (Business Wire) Symark International, developer of the PowerSeries information security solutions for managing privileged account access, today announced the results of a survey of more than 800 security, IT, HR and C-level executives across all industries. Conducted by eMediaUSA, the survey focused on orphaned accountsuser accounts that remain active after an employee has left a companyand the processes organizations have in place to locate and terminate them. The study revealed that 42 percent of businesses do not know how many orphaned accounts exist within their organization, and 30 percent of respondents said they have no procedure in place to locate orphaned accounts.

Orphaned accounts represent a significant problem among organizations across all industries. Unfortunately, many IT staffs tend to be overworked and as a result, these open accounts are often overlooked, said Sally Hudson, research director, security products and services, IDC. Whenever an employee leaves an organization, IT and security administrators should make it a priority to shut down their access immediately. Failure to do so creates gaping holes through which hackersor malicious insiders who are familiar with the IT environmentcan access and pilfer sensitive material.

Other key findings from the survey include:

-- Approximately 27 percent of respondents said that more than 20 orphaned accounts currently exist within their organization.

-- More than 30 percent of respondents said it takes longer than three days to terminate an account after an employee or contractor leaves the company, while 12 percent said it takes longer than one month.

-- More than 38 percent of respondents said that they had no way of determining whether a current or former employee used an orphaned account to access information, while 15 percent said that this has occurred at least once.

Controlling access to proprietary systems and information continues to present an IT security challenge. In fact, in our upcoming research report entitled IT Governance, Risk and Compliance Management in the Real World, gaps in access and entitlements controland the significant audit defects resulting from themare one of the concerns most frequently mentioned in focus interviews, said Scott Crawford, research director at Enterprise Management Associates. The significant threat posed by the existence of orphaned accounts contributes to this issue, and our findings on this topic align with the results of Symarks survey. For example, one IT auditor revealed that in a 5,000-employee financial services firm, 43 percent of existing access rights were either excessive or should have been retired.

By now, most security professionals understand that a vast majority of data breaches involve some sort of insider impropriety. However, the threat from within continues to remain a major hurdle, largely due to the sheer number of avenues available to an employee to carry out malicious activity, said Bob Farber, chief executive officer at Symark International. As the sobering results of this study demonstrate, orphaned accounts represent a major security and compliance challenge and are often overlooked as a potential threat vector. It is clear that organizations must implement polices and technologies to ensure that user accounts are terminated swiftly as soon as the employee leaves the company, especially for large, international enterprises managing locations across the globe.

About Symark International

Symark International is the leading provider of systems access management solutions for heterogeneous IT environments. Symark PowerBroker® enables granular delegation of administrative privileges while restricting UNIX/Linux root account access. Symark PowerPassword® provides UNIX/Linux user account management along with login and password security policies. Symark PowerKeeper® controls access to shared administrative accounts for servers, applications, and network devices for multiple platforms. Symark PowerADvantage® extends Microsoft® Active Directorys centralized authentication, authorization, account access, policy enforcement and infrastructure management functionality to UNIX and Linux systems. All products offer a non-intrusive architecture, central administration, accountability at the systems level and detailed audit logs. Symark offers extensive expertise in enterprise computing security, and its products are backed by unmatched technical support. For more information, visit us at www.symark.com.

Symark Software
Ellen Libenson, 800-234-9072
elibenson@symark.com
or
Schwartz Communications, Inc.
Dan Borgasano, 415-512-0770
symark@schwartz-pr.com


Copyright © 2008 Business Wire. All rights reserved.
More...



Article : Survey of More Than 800 IT Personnel and Executives Exposes Ubiquity of Orphaned Accounts as a Critical IT Security Vulnerability
Print this article
Share this article
Share on
Del.icio.us
Digg
Facebook
Fark
Google
reddit
Slashdot
StumbleUpon

Have your Say
Name
Email
Subject
Your Comment

Enter Verification code
 
  

 


Choose Theme
Green Earth Blue Earth Orange Earth Purple Earth

Search
 
You can

Current News

News Category
Business
Entertainment
Environment
General
Health
Sports
Technology
World

About us | News Archives | Browse old Archive | Feedback | Disclaimer | Mobile/PDA | News Alerts

The views expressed in the articles are not necessarily those of earthtimes.org and we accept no responsibility for the views or opinions
expressed in the articles either direct or indirect.
© 2008 www.earthtimes.org, The Earth Times, All Rights Reserved | Privacy Policy