Are your accounts closed?

Network negligence can leave corporates vulnerable to attack.

Network users' slack system management is creating a security risk, industry experts have warned.

Rob Enderle, research fellow at Giga Information Group, said maintenance on user accounts has become an important networking issue. He warned that negligence in closing accounts after a user left the company could subject corporate networks to the mercy of disgruntled ex-employees, temps or contractors.

Enderle argued that organisations usually deploy multiple software applications, with separate accounts to set up. After creation, each login needs maintenance and closure when users leave the company.

But the complexity of the account maintenance process was prone to create "orphan accounts", which remained open even though users had left the company.

"It means an important security risk. Fraud cases often involve temps who used their system account after they left the company," he said.

Even IBM has been known to have left accounts open three months after the employee has left.

Software company Access360 last week presented enRole, a product that aims to reduce time spent on account creation from a typical five days to 10 minutes, and simplify maintenance and closure of accounts.

Enderle said the product held an advantage over competing products as it works across all systems, while IBM or Microsoft products only work for their own range of software.

Brian Anderson, developer-turned-chief marketing officer at Access360, said enRole integrates separated system accounts into a single point of administration. This ties into the HR system to verify if employees exist, and flags accounts where system authorisation exceeds job title.

"An international oil company recently started using our product, and found they had 80,000 orphan accounts. This number is not unusual in large corporations and network managers should plug this gap in their security," he said.

Rob Bruce, executive vice-president at InterX, said a similar product may have been useful when the company laid off a quarter of its workforce.

"We shut down the network to rule out abuse," he said.