A new survey released by Symark and eMediaUSA indicates the security vulnerabilities associated with orphaned accounts. Orphaned accounts are user accounts that remain active after an employee has left a company. The study reveals that 42% of businesses do not know how many orphaned accounts they have, and 30% have no procedure to locate and remove them.

800 security, IT, HR and C-level executives in all industries were surveyed about orphaned accounts and the processes in place to find and remove them. When an employee leaves an organization, IT and security administrators should make it a priority to shut down access immediately. However, many IT staffers are overworked and this step is overlooked. Failure to terminate employee access creates holes in security that hackers or malicious insiders can access.

Other findings from the survey:

• 27% of respondents say that >20 orphaned accounts exist in the organization
• 30% say it takes more than 3 days to terminate access, 12% say it takes more than a month
• More than 38% have no way to know if an orphaned account was used to access information
• 15% said an orphaned account has been used to access information at least once

The survey indicates, at the very least, that there is a hole in IT security that needs to be patched. In some cases, it is clear that orphaned accounts are still being used, and this is a significant risk to security.

“Controlling access to proprietary systems and information continues to present an IT security challenge… gaps in access and entitlements control — and the significant audit defects resulting from them — are one of the concerns most frequently mentioned in focus interviews,” said Scott Crawford, research director at Enterprise Management Associates.

Larger companies face more complex challenges in managing employee access. Limiting access, and revoking it when an employee leaves the company, is a vital step to ensuring data compliance. Policies and technologies should be put in place that can manage and revoke user access easily.

If your company were surveyed, how well would you fare with these questions? Are there orphaned accounts you may not even realize you have?

Via tech target, business wire ; image anitapatterson @morguefile ; Tags: it security, data security, data access, business security, orphaned accounts