Terminated users who still have access are just as likely to penetrate enterprise systems as current employees....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Former employees who retain access are considered by the information security industry to be insiders, making them part of any insider threat.
Besides blocking a terminated user for simple security reasons, removing these users is required for compliance with regulations, such as Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA). Both of these regulations require regular auditing of access controls and reporting of active accounts. It makes regulatory sense to monitor and remove terminated users from all groups.
You need an identity management system that not only provisions accounts, but also audits and removes stale accounts. When shopping around for such a system, make sure it can automate provisioning and provide auditing and reporting of active and inactive accounts. These systems should automatically flag an account that hasn't been active for a set time period, such as 30 days.
There are a number of tools on the market that can easily erase ex-employee IDs, provision new ones and change access levels. The Identity Management Suite from BMC Software Inc. has a tool called BMC User Administration and Provisioning, formerly called CONTROL-SA. The tool automates provisioning of accounts for as many (or as few) groups as a user needs access to. It also provides complete auditing and reporting capabilities for both compliance purposes and for use internally by your information security team. It also automatically removes expired users, preventing terminated employees from accessing your systems -- no matter how many groups they were in. Another product, PowerPassword from Symark Software International, offers similar access management controls but is strictly for Unix- and Linux-based systems. PowerPassword also provides logging and auditing features required for compliance.
For more information on termination procedures see Chapter 6 of my book, The Little Black of Computer Security. The chapter Managing Human Resources is excerpted on SearchSecurity.com.
For more information:
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ...continue reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ...continue reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.