System Accounts

We all have to deal with system accounts that we create and use at work and in our lives. We have access to so many systems at work and create an endless number of accounts online, that it’s become so painful and challenging to manage these accounts. One of the biggest challenges with having so many systems and accounts is that they become very difficult to manage as their numbers grow. In fact, I think we are all doing a lousy job at properly managing these accounts.

We continue to create and occasionally use some personal accounts to access our bank information, network with others, manage our credit cards, and apply for jobs among other things. We seem to create accounts left and right and not always because of our own fault but because more sites require us to create an ID and password even if it’s for a one time use like applying for a job which I think is ridiculous and very dangerous from an identity theft standpoint. As we create these accounts and their accompanying passwords, we sometimes lose track of them and forget our account ID or password assuming we remember we created such account. However, mismanaging a personal account has a much less overall impact than corporate system accounts. Why? Because, although you can greatly suffer if for example your personal bank account is compromised, your system account at the office can inflict greater damage as the account might have access to millions of personal records and other confidential information which if misused can hurt many more people and inflict much more financial damage.

In most companies, there are multiples systems which happen to be decentralized meaning potentially:

a) they have communication problems or in other words one system doesn’t communicate well if at all with other systems for information sharing purposes causing the creation of more than one user account,

b) they are administered by separate groups meaning multiple access requests must be made to add or remove accounts, and

c) account monitoring and management is a painful, redundant and costly process.

When employees need access to more than one system, the process of account management becomes a headache for everyone:

a) the employee must make multiple requests to be added to more than one system,

b) the system administrators must create the same account in multiple systems,

c) employee manager must make multiple requests to remove all access when employee leaves,

d) the Human Resources department must notify more system administration groups to remove or disable departed employee accounts, and

e) the system administrators must monitor more system accounts to detect and disable unused accounts or remove accounts belonging to employees who have left the company.

My corporate audit results have always indicated the unused system accounts to be one of the biggest risks facing the companies. Just in case you’re wondering, some active accounts belonging to departed employees or even unused accounts belonging to existing employees may be vulnerable to misuse and can have huge risk implications if they allow access to sensitive information.

Therefore, it’s very important to limit the number of accounts by carefully assessing the need to create one additional account and consolidating or centralizing as many systems as possible. It’s also important to monitor accounts and streamline the employee departure notification process to remove all unused accounts on a timely basis to prevent any account misuse.

Return to home page from "system accounts".

Identity Protection Insights Newsletter

Effective identity protection requires dynamic and integrated solutions. This site provides awareness, education and many solutions to address the growing problem of identity theft. Please sign up for the Identity Protection Insights newsletter to receive periodic notification of important articles and solutions, major identity theft news analysis, fraud alerts, and other service announcements.

Enter your E-mail Address
Enter your First Name (optional)
Then

Don't worry — your e-mail address is totally secure.
I promise to use it only to send you Identity Management Journal.