Manage

Creating a user account management policy to delete old accounts

If you're not deleting orphaned accounts, you may be leaving the door wide open to attackers. In this expert response from Randall Gamby, learn how to create an effective user account management policy for getting rid of old accounts.

Randall Gamby, HP

Our enterprise is creating a policy for disabling inactive accounts. The CIO believes we should contact these individuals' supervisors before disabling; is this a good idea? It seems like having to contact all supervisors before deactivating might really complicate and lengthen the disabling process. Would it be better to have a default deactivation policy after a certain period of inactivity?

Actually, when it comes to a user account management policy, I think you should have both a default deactivation policy for inactivity, along with a verification process involving local supervisors to ensure deactivation is necessary. If a user hasn't accessed an account after a specific period of time, the account should be orphaned -- the user no longer needs access but the account is still active -- and it's important to delete old accounts.

However, with that said, workers take maternity leave, projects get delayed due to budget constraints, employees...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

come down with unexpected illnesses or need to care for loved ones, etc. No system can recognize these cases; only supervisors, and possibly HR. So, when it comes to people, make sure to consider the human issues, which are the domain of supervisors: They'll know whether an employee will return tomorrow, in a few days, or never.

In the worst-case scenario, such as you disable an account just in time to find out that the worker is returning the next day, and you need to re-enable it, experience says that re-enabling doesn't simply involve making a call, but rather following a process that could take hours or days. I'd suggest following your CIO's advice.

This was last published in April 2010

401(k) plan

orphan account

A complete guide to buying enterprise accounting software

Enable Disable Win10 Administrator Account

Please create a username to comment.

Privacy-preserving machine learning assuages infosec fears

How Azure, AWS, Google handle data destruction in the cloud

Multi-cloud security strategies rely on visibility, uniformity

How the cloud fractures application delivery infrastructure ops

Why network configuration templates are useful in automation

An automation-first approach enables network predictability

Return-to-office plans stress safety, security, collaboration

6 cognitive automation use cases in the enterprise

5 digital transformation strategies embracing the new normal

Citrix microapps look to ease office reopening

VMware Workspace One unifies reshaped digital workforces

Macs to run on Apple silicon, leaving Intel behind

Review the top sessions from recent cloud conferences

Test your cloud knowledge: VMs vs. containers vs. serverless

Cloud lock-in fears aren't as prevalent as you might think

IR35 private sector reforms: Finance Bill vote denies further delays to April 2021 start date

Locked-down teens flock to NCSC CyberFirst training scheme

Police secrecy over ‘IMSI-catcher’ mass surveillance of mobile phones

Related Resources

Dig Deeper on Privileged access management

401(k) plan

orphan account

A complete guide to buying enterprise accounting software

Enable Disable Win10 Administrator Account

Related Q&A from Randall Gamby

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.