Thursday, December 25, 2008

Security holes with orphaned accounts

A survey of 850 security/IT managers found that orphaned user accounts are more prevalent that expected: 42 percent do not know how many exist within their organization.

IT Exposes Ubiquity of Orphaned Accounts as a Critical IT Security Vulnerability
Other key findings from the survey include:

* Approximately 27 percent of respondents said that more than 20 orphaned accounts currently exist within their organization.
* More than 30 percent of respondents said it takes longer than three days to terminate an account after an employee or contractor leaves the company, while 12 percent said it takes longer than one month.
* More than 38 percent of respondents said that they had no way of determining whether a current or former employee used an orphaned account to access information, while 15 percent said that this has occurred at least once.