Application Auditing

May 27, 2008

Several weeks ago our Software Development Manager took the time to review all databases and software applications for orphan user IDs. He found some. These user IDs belonged to people no longer employed with us and, in some cases, to customers who had wanted to view a “pre-release” version of something years ago. All these accounts were very old and pre-dated both of us.

Still, this should never happen. Processes should be in place to ensure that old accounts are removed immediately upon either a change in a resource's role or their leaving the organization.

This article by Brian Prince quotes;

The article also references the recent LendingTree data breach, where former employees gave away their login IDs – these IDs had never been canceled.

In this time of Software as a Service (SaaS), this can be even more critical. If you leave old employees' accounts active within a database or tool on your network, they still have to get access to the network to use the account. With Software as a Service, they can do it from anywhere in the world. An orphan login account in a hosted tool could enable a former employee to retrieve every sales account and phone number you have.
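
One way to automate the review described above, as an added example that is not part of the original post: reconcile an account export from each database or hosted tool against the HR roster and flag every login that has no accountable owner. The CSV column names, the sample rows and the 90-day staleness threshold are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample exports (not real data): HR roster and per-system accounts.
HR_ROSTER = """email,status,end_date
alice@example.com,active,
bob@example.com,terminated,2008-04-30
carol@example.com,active,
"""
ACCOUNTS = """system,login,owner_email,last_login
crm-saas,alice,alice@example.com,2008-05-20
crm-saas,bob,bob@example.com,2008-05-25
billing-db,carol,carol@example.com,2007-01-10
billing-db,prerelease_cust,,2005-03-02
wiki,dave,dave@example.com,2006-11-02
"""

def find_orphans(roster_csv, accounts_csv, today, stale_days=90):
    """Return (system, login, reason) for every account that needs removal or review."""
    roster = {r["email"].strip().lower(): r
              for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        owner = acct["owner_email"].strip().lower()
        # A missing last_login is treated as "never used" (oldest possible date).
        last = date.fromisoformat(acct["last_login"] or "0001-01-01")
        person = roster.get(owner)
        if not owner:
            reason = "no owner on record"
        elif person is None:
            reason = "owner not in HR roster"
        elif person["status"].strip().lower() != "active":
            left = person["end_date"]
            # A login after the departure date means the account was still in use.
            used_after = bool(left) and last > date.fromisoformat(left)
            reason = "used after owner left" if used_after else "owner left"
        elif (today - last).days > stale_days:
            reason = "unused for over %d days" % stale_days
        else:
            continue  # active owner, recently used: nothing to report
        findings.append((acct["system"], acct["login"], reason))
    return findings

if __name__ == "__main__":
    for finding in find_orphans(HR_ROSTER, ACCOUNTS, date(2008, 5, 27)):
        print("%-12s %-16s %s" % finding)
```

Running the same reconciliation on a schedule, and on every HR status change, turns the one-off review into the removal process the post calls for.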

