Do your Applications continue to have orphan accounts?

April 19, 2018

What is an Orphan Account?

An orphan account is an account belonging to a user who has since left the organization, while the account and the access associated with it remain active. These accounts have slipped past the de-provisioning paper trail. They can be exploited to gain unauthorized access to sensitive information and resources, and they create holes in your security that can stay open in perpetuity.

What are the different types of Orphan Accounts?

1. Terminated Users' Accounts
2. System/Generic Accounts, which are mapped to any users
3. FTP Accounts, which are used by multiple stakeholders
4. Potentially Malicious Accounts

Another important security issue arises when organizations allow employees to install certain types of applications with their personal accounts and without the involvement of the IT team. When such an employee leaves the organization, colleagues sometimes continue to use the application with the same login credentials. The account then becomes a shared account, which is even harder for IT teams to track.
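As an added illustration (not part of the original post and not ILANTUS code), the following Python example reconciles one application's account export against an HR roster. It flags enabled accounts whose owner has been terminated, accounts still being logged into after the owner left (the shared-credential case described above), and accounts with no owner on the roster. The CSV column names and sample rows are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the original post): an HR roster export
# and one application's account export. Column names are assumptions.
HR_CSV = """employee_id,status,termination_date
E100,active,
E101,terminated,2018-03-01
E102,terminated,2018-01-15
"""

APP_CSV = """account,owner_employee_id,enabled,last_login
alice,E100,true,2018-04-10
bob,E101,true,2018-02-20
carol,E102,true,2018-04-02
ftp_reports,,true,2018-04-12
dave,E102,false,2018-01-10
"""

def load(text):
    """Parse a CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def find_orphans(hr_rows, account_rows):
    """Return {account: finding} for enabled accounts that need review."""
    hr = {r["employee_id"]: r for r in hr_rows}
    findings = {}
    for acct in account_rows:
        if acct["enabled"].lower() != "true":
            continue  # already disabled; nothing left to remediate
        owner = hr.get(acct["owner_employee_id"])
        if owner is None:
            # No person on the roster answers for this account.
            findings[acct["account"]] = "unmapped"
        elif owner["status"] == "terminated":
            left = date.fromisoformat(owner["termination_date"])
            last = acct["last_login"]
            # A login after the leaving date means someone else holds the credentials.
            used_after = bool(last) and date.fromisoformat(last) > left
            findings[acct["account"]] = "terminated-in-use" if used_after else "terminated"
    return findings

if __name__ == "__main__":
    for name, finding in find_orphans(load(HR_CSV), load(APP_CSV)).items():
        print(f"{name}: {finding}")
```

Accounts reported as "terminated-in-use" are the ones to prioritize, since a login after the owner's leaving date shows the credentials are still in someone's hands.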

What is the Traditional or Manual Termination Process?

How can Access Review as a Service (ARaaS) help you?

When an employee leaves an organization, unflagging their identity can ideally be completed in 5 seconds. This depends entirely on how well the organization's IT groups understand the concept and importance of provisioning and de-provisioning.

Access Review as a Service is a vital part of provisioning and de-provisioning. User access review is a process that an organization implements to actively monitor and verify the appropriateness of a user's access to applications, based on an understanding of the minimum access users need to perform or support business functions. The responsibility for granting access and performing periodic verification of proper access rests with the application owner.

What is Xpress ARaaS?

Xpress ARaaS is an Access Governance tool by ILANTUS that helps enterprises address business challenges such as continuous compliance, user access review/recertification and consistent access monitoring across heterogeneous applications. This solution can help automatically manage orphan accounts across applications in the following scenarios:

➤ Immediate notification after an employee has left the organization
➤ Identification of Orphan Accounts
➤ Remediation of Orphan Accounts
➤ Deletion or disabling of all Orphan Accounts across applications
➤ Better management of shared accounts
➤ Changing the password of shared accounts
➤ Notifying the other active user or admin of the new randomly generated password

The Xpress ARaaS solution can help configure and run review campaigns for all reviewers at defined intervals. The solution automatically sends review campaigns to all configured and dynamically discovered managers, application owners, internal auditors, etc. so that they can review the orphan accounts.

In the process of reviewing orphan accounts reviewers can take the following actions:


Manish kumar Podhar
Global Practice Head – Access Governance (EMEA & APAC)

IAM Expert
