Out with the old, in with the new!
As we wrap up another year, now is a great time to perform an account audit of your systems, networks and applications. Accounts that belong to staff members who may have left the organization are a primary focus for this process. Begin by inspecting your primary data store or identity tree against a current list of employees from HR. If you find accounts for people not on the list, then flag those accounts for investigation.
Likely, you will discover accounts for people who have left your organization or for services that are no longer needed. These accounts should be disabled and removed as soon as possible. Many organizations argue against these audits because they claim that they have controls in place for employee terminations. While this may be true, a quick review of a list of departed employees should still be performed at least yearly as a control to make sure that the process is being followed.
Another area to look at along these lines is to audit the system and application rights of folks who may have moved from one line of business or department to another. Often, their accounts are misconfigured and may give them rights to access data that they no longer need. These should also be investigated and refined as soon as possible. Don’t forget to ensure that routers, network gear and off-site systems are included in the audit. They often house old accounts long past their prime.
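One way to run the comparison described above, covering both departed staff and people who changed departments, is sketched here as an added example that is not part of the original post. The CSV column names, source labels and sample rows are constructed assumptions; substitute the exports from your own directory, network gear and HR system.

```python
import csv
import io

# Constructed sample exports (hypothetical columns): accounts from the
# directory plus network gear and off-site systems, and the HR roster.
ACCOUNTS_CSV = """source,username,employee_id,department,enabled
ldap,asmith,1001,Finance,true
ldap,bjones,1002,Sales,true
ldap,cdoe,1003,Engineering,true
ldap,dlee,1004,Finance,false
ldap,svc_backup,,IT,true
router-core1,cdoe,1003,Engineering,true
vpn-offsite,asmith,1001,Finance,true
"""
HR_CSV = """employee_id,name,department
1001,Alice Smith,Marketing
1002,Bob Jones,sales
"""

def load(text):
    """Parse CSV text into dicts with whitespace stripped from every field."""
    return [{k: (v or "").strip() for k, v in row.items()}
            for row in csv.DictReader(io.StringIO(text))]

def audit(accounts, roster):
    """Sort accounts into findings that need investigation."""
    hr_dept = {r["employee_id"]: r["department"].lower() for r in roster}
    findings = {"not_in_hr": [], "no_owner": [], "dept_mismatch": []}
    for a in accounts:
        key = (a["source"], a["username"])
        emp = a["employee_id"]
        if not emp:
            # Service or shared account: nobody in HR to match, review the need.
            findings["no_owner"].append(key)
        elif emp not in hr_dept:
            # Owner is not a current employee; record whether it is still live.
            findings["not_in_hr"].append(key + (a["enabled"].lower() == "true",))
        elif a["department"].lower() != hr_dept[emp]:
            # Owner moved; rights may still reflect the old department.
            findings["dept_mismatch"].append(key)
    return findings

def run_sample():
    return audit(load(ACCOUNTS_CSV), load(HR_CSV))

if __name__ == "__main__":
    for category, items in run_sample().items():
        print(category, items)
```

Matching on an employee ID rather than a username keeps the same person's accounts on different systems tied to one HR record, and accounts with no ID at all are listed separately so unused service accounts get reviewed too.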
Do this and you’ll save resources for the New Year! Here’s to a prosperous and successful 2012 for you and your organization!