Manage

Creating a user account management policy to delete old accounts

If you're not deleting orphaned accounts, you may be leaving the door wide open to attackers. In this expert response from Randall Gamby, learn how to create an effective user account management policy for getting rid of old accounts.

Randall Gamby, HP

Our enterprise is creating a policy for disabling inactive accounts. The CIO believes we should contact these individuals' supervisors before disabling; is this a good idea? It seems like having to contact all supervisors before deactivating might really complicate and lengthen the disabling process. Would it be better to have a default deactivation policy after a certain period of inactivity?

Actually, when it comes to a user account management policy, I think you should have both a default deactivation policy for inactivity, along with a verification process involving local supervisors to ensure deactivation is necessary. If a user hasn't accessed an account after a specific period of time, the account should be orphaned -- the user no longer needs access but the account is still active -- and it's important to delete old accounts.

However, with that said, workers take maternity leave, projects get delayed due to budget constraints, employees...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

come down with unexpected illnesses or need to care for loved ones, etc. No system can recognize these cases; only supervisors, and possibly HR. So, when it comes to people, make sure to consider the human issues, which are the domain of supervisors: They'll know whether an employee will return tomorrow, in a few days, or never.

In the worst-case scenario, such as you disable an account just in time to find out that the worker is returning the next day, and you need to re-enable it, experience says that re-enabling doesn't simply involve making a call, but rather following a process that could take hours or days. I'd suggest following your CIO's advice.

This was last published in April 2010

Dig Deeper on Privileged access management

Related Q&A from Randall Gamby

How has enterprise SSO technology evolved?

Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses. Continue Reading

The FIDO authentication framework: What do enterprises need to know?

Enterprises need a full understanding of the FIDO authentication framework before switching to its technology. Expert Randall Gamby looks at the most... Continue Reading

Which is safer: an HSM appliance or a virtual appliance?

A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

Lyft's open source asset tracking tool simplifies security

Security teams need information and context about data in order to keep it safe. Learn how Cartography, Lyft's open source asset ...

Understanding the CSA Cloud Controls Matrix and CSA CAIQ

Uncover how the CSA Cloud Controls Matrix and CSA CAIQ can be used to assess cloud providers' controls and risk models, ensure ...

5 steps to a secure cloud control plane

A locked-down cloud control plane is integral to maintaining cloud security, especially in multi-cloud environments. Here are ...

SearchNetworking

Network device discovery best practices -- other than ping sweeps

Traditionally, ping sweeps are the go-to method for network device discovery. But, by creating a network script, you can discover...

How to monitor network traffic in 7 steps

Effective network monitoring is an ongoing process that requires constant vigilance by IT groups. This step-by-step plan can ...

When to consider managed SD-WAN services for your business

SD-WAN offers promising benefits, like the ability to use multiple ISP links, but managing those links can prove challenging. ...

SearchCIO

Preparing for the new forms of cybersecurity threats in 2020

In the first part of a series on the new forms of cyberthreats in 2020, we're diving into the many infiltration points being ...

What is the state of CIO tenure today?

CIO tenure remains significantly lower than other C-suite positions, and according to experts, it's a result of the age of ...

The evolution of RPA, from macros to process transformation

RPA evolved from technology debuted in the 1950s and '60s and was developed to today's standards by the industry's leading ...

SearchEnterpriseDesktop

New Ivanti CEO plans to stay close to the customer

New Ivanti CEO Jim Schaper is no stranger to the C-suite of an IT company. And he's got a plan to push the company forward.

With support for Windows 7 ending, a look back at the OS

With support for Windows 7 ending and Microsoft ushering in the end of life for the OS, tech experts and IT pros look back at its...

Image-level methods for Windows application deployment

Imaging is a crucial process, but IT must also consider application deployment. Here are methods to deploy different types of ...

SearchCloudComputing

AWS multi-account management best practices with Control Tower

With the help of AWS Control Tower, organizations who own and operate multiple cloud accounts can manage them all under one roof ...

Beat vendor lock-in with a cloud exit strategy

Without a comprehensive cloud exit strategy, an organization might fall victim to vendor lock-in and find itself dependent on ...

Google Cloud support premium tier woos enterprise customers

Google Cloud has rolled out a new Premium Support offering aimed at deep-pocketed enterprises with larger, more complex ...

ComputerWeekly.com

Computer Misuse Act ‘crying out for reform’

Group of campaigners says the Computer Misuse Act of 1990 risks criminalising cyber security professionals and needs reforming

Aeris gears up for connected vehicle joint venture with VW

Connected technology provider forges joint venture with leading automotive manufacturer to improve service flexibility and speed,...

ICO code sets out digital privacy standards for children

The Information Commissioner’s Office has published its Age Appropriate Design Code, a set of 15 standards that online platforms ...

orphan account

Enable Disable Win10 Administrator Account

Mobile payment service Venmo closes security holes after user compromise

built-in administrator account

Please create a username to comment.