Revoking network access to former employees is not enough

Aveksa : 10 November, 2009  (Technical Article)
Brian Cleary of Aveksa gives his view on preventing insider threats resulting from former employees in the wake of the Stens Corporation breach
When employees terminate their relationship with a company, it is vital that the IT department has automated procedures to remove access to all enterprise information resources, so that sensitive data and systems are secured quickly and effectively. Many IT organisations are quick to remove network access privileges because many information resources sit behind the firewall, but this isn't sufficient. The accounts on the information resources themselves must also be revoked.

Accounts that have not been removed and are still active are known as orphaned accounts. They create audit findings under financial, industry and privacy regulations, and they introduce serious access-related business risks to an organisation, as realised in the Stens incident, where two former employees were found to have accessed their former company's IP for competitive advantage.

Surprisingly, orphaned accounts on information resources are quite common in both small and large organisations, as IT departments struggle to keep pace with the number of requests from the business for initial user access or changes to existing access. Providing or changing access becomes the priority because IT doesn't want to be a barrier to the business moving forward. Revoking access at the level of the specific information resource takes second priority once the user's network access has been de-provisioned, but, as stated above, this is a false sense of security.

As more and more data, information resources and services move into the cloud, this becomes a control nightmare for IT organisations, because information resources that can be accessed via the web can't be controlled through the network login. What's worse, many IT departments are unaware of how many cloud-based applications and services the organisation is actually using, so they lack the visibility to know what to revoke.

To prevent incidents such as Stens Corporation's, organisations need to implement an access governance change management control framework that provides: visibility of access to all information resources, both within and external to the enterprise; the control to understand whether that access is appropriate for the user's functional role or task; on-going monitoring to ensure that access risk is being dynamically managed; and automatic, event-driven access rules that determine what actions need to be taken when an access change is requested or detected.
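As an added illustration (not part of the original article, and not Aveksa's product logic), the following reconciliation shows the two controls the article calls for: a periodic check that flags still-active application accounts whose owner HR has marked as terminated, including on a web-accessible SaaS application the network login cannot gate, and an event-driven rule that lists every application account to revoke when a termination event arrives. The roster, the application exports and the account names are constructed sample data; it also flags active accounts with no HR owner at all, a generalisation of the orphaned-account check.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample data (assumption, not from the article): an HR roster and
# per-application account exports. "vpn" is the network login; "erp" is an
# internal system; "saas-crm" is a cloud application outside the firewall.
HR_ROSTER = {
    "alice": {"status": "active", "left": None},
    "bob": {"status": "terminated", "left": date(2009, 10, 30)},
    "carol": {"status": "terminated", "left": date(2009, 11, 2)},
}
APP_ACCOUNTS = {
    "vpn": {"alice": "active", "bob": "disabled", "carol": "disabled"},
    "erp": {"alice": "active", "bob": "active"},
    "saas-crm": {"alice": "active", "carol": "active", "svc-report": "active"},
}


@dataclass(frozen=True)
class Finding:
    app: str
    account: str
    reason: str


def find_orphaned_accounts(roster, accounts, as_of):
    """Periodic control: every active account must map to an active person.

    Network access being disabled (see "vpn") does not clear a user; each
    application account is checked on its own, which is the article's point.
    """
    findings = []
    for app, users in accounts.items():
        for account, state in users.items():
            if state != "active":
                continue
            person = roster.get(account)
            if person is None:
                findings.append(Finding(app, account, "no owner in HR roster"))
            elif person["status"] == "terminated":
                days = (as_of - person["left"]).days
                findings.append(Finding(app, account, f"owner left {days} days ago"))
    return findings


def revocation_actions(user, accounts):
    """Event-driven rule: on a termination event, list every application
    account still active for that user, not only the network login."""
    return sorted(app for app, users in accounts.items()
                  if users.get(user) == "active")


if __name__ == "__main__":
    for f in find_orphaned_accounts(HR_ROSTER, APP_ACCOUNTS, date(2009, 11, 10)):
        print(f"{f.app}: {f.account} ({f.reason})")
    print("revoke for bob:", revocation_actions("bob", APP_ACCOUNTS))
```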
