This is not only an information security best practice, but it may also be required for regulatory compliance.
Let's first deal with the information security side of the issue. Inactive user IDs can come back and haunt you in the form of vengeful system access by former users. An ex-employee is considered an insider because his or her user ID may still be active, meaning it's still possible to access your systems. A former employee who leaves on bad terms may be even more likely to wreak havoc on your network than a current employee, but instead of showing up in your logs as a hostile intruder, the attacker will merely be listed among the current users.
Keeping old user IDs active for auditing purposes is also foolish. Access management systems like Active Directory (AD) can be used for tracking and logging historic activity of a user ID without having to keep an account active. There are also forensics tools that do the same.
As for compliance, regulations like Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA) all require regular auditing of access controls and reporting of active accounts. Auditors and regulators won't be happy if they find stale, mistaken or otherwise extraneous user IDs that are not attached to current employees when combing through your reports.
So what you describe, besides not being a best practice, could also land your company into a lot of regulatory trouble.
For more information:
Dig Deeper on Enterprise User Provisioning Tools
Related Q&A from Joel Dubin, past SearchSecurity.com expert
The security of RFID chips and smart cards may not be fully mature, but there are best practices to keep facilities safe. Identity and access ...continue reading
Picture passwords for mobile device security aren't a new idea, but they have been recently improved. Identity and access management expert Joel ...continue reading
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.