IAM

Does your Applications Continue to have Orphan Accounts

By April 11, 2017 No Comments

What is orphan Account?

Has your Employee already left the organization, and your It Team/Application team has still not deactivated their accounts on application where the user had access before?

This is one of the common mistake that on it group continue to make. Where they don’t manage the user’s account and their responsibilities/ Access/Entitlements/Roles etc.

It can be really dangerous to have such accounts left orphan, where other active users can gain the Access to application such accounts seals potential security holes in the network.

Traditional /Manual Termination process:

 


when an employee leaves the organization , unflagging his/her identity from the  can be a job of 5 seconds changes  to a  never ending process. The organization security with application depends on how good is their IT groups who understands Provisioning/De provisioning . And how quickly it groups can remove the left Employee Access from different -different applications.

Sometimes I have seen some employee installs application with their personal account, users for its official purpose. When this employee leaves the organization, the other colleagues keep using the application with the same login credentials (by now it because a shared accounts) which of course does not fall under best practice, but somehow employee agree not to share it with Audit.

Ilantus helps in automatically manage the orphan accounts

 

  • Right after Employee left the organization
  • All history orphan Accounts identification.
  • Disabling/Deleting all found orphan Accounts across Applications.
  • Better management of shared accounts
  • Where one of the shared Accounts leaves the organization

Ilantus automatically can

 

  • Change the password of the used accounts.
  • Notify the other active user/admin with new random generated password

 

Re-certification camp again automatically sent to Manager/App owner/Internal Auditor/etc to review the orphan accounts, where they can perform their decision.

 

  • Disable Accounts.
  • Delete Accounts
  • Lock Accounts
  • Custom Action etc…
Manju Negi

Author Manju Negi

More posts by Manju Negi

Leave a Reply