Have Your User Accounts and Access Control Gone Wild

User accounts are constantly in flux at nearly every organization. Ideally, a digital identity is created when an employee joins the organization; modified appropriately when the individual assumes new responsibilities, relocates or changes his or her name; and deleted when the employee leaves the organization. In that ideal world, all users have exactly the rights they need to do their jobs — no more, no less.

Over time, changes pile up and the enterprise may discover it can no longer be sure that users have access to only the resources they need to do their jobs or even that accounts are deleted promptly when a user leaves the organization. The organization recognizes that it is at risk of security breaches and compliance violations. But cleaning up the existing identity store — and keeping it cleaned up — can seem like insurmountable tasks

Managing the user identity lifecycle is far more complex and comes with far less transparency.

Do any of these situations sound familiar?

  • A user changes roles within the organization. She is given the new permissions she needs to do her new job, but she retains permissions from her old role that she no longer needs.
  • An employee is required to fulfill several roles simultaneously, perhaps due to restructuring, and the authorizations are issued quickly, without proper review.
  • An employee is asked to cover for another person who is on leave, but the additional access rights that were meant to be temporary are never rescinded.
  • A user leaves the company and his account is not deleted promptly, or even at all. • An individual is authorized to act as both a purchaser and an authorizer at the same time because the role conflict was not visible.

This complexity and lack of transparency in user identity management add up to one thing: security risk. Organizations, of course, are keen to mitigate this risk — but the challenge of cleaning up their existing identity stores can seem overwhelming.


Learn how to manage user accounts now. Download this informative tech brief: Reduce Risk by Cleaning up and Maintaining your User Accounts.

For additional information check out the One Identity Manager Scalability and Performance Tech Brief.

Anonymous