Product Lines
Ruminations on the System i Market
May 27, 2008
Orphans: They Aren't Just for Victorian Novels Anymore
I've been with this company for almost 14 years now, and I've seen many people come and go. I've also seen many people's online administrative access to web-based tools stay, becoming what are known as "orphan IT accounts." At one point in our company's pre-merger-and-acquisition history (i.e., when we were smaller), we had an exit procedure in place for when an employee left the company, and that process included removing all web-based admin access for that person. We've diversified and grown, had a lot of staff turnover, and outsourced and in-sourced various aspects of our infrastructure -- so I don't think we have a formal exit procedure anymore. It's up to the individual departments to try to remember to remove access or send a request to the appropriate department to request that access be disabled for a particular person.
Web-based administration tools are a way of life for many of us these days. Here at Penton, we use web-based tools to post blog entries; add, edit, and manage content on our website; send out e-mail newsletters; access our company e-mail in a browser; and more. We even use it to manage our benefits and other related items. I'm sure we aren't unique in the way we use web-based admin tools. And I'm not even going to mention other, more central types of access, such as LANs and file servers, e-mail accounts (especially web-based access), databases, and VPN.
What got me thinking about all this was a recent post on Computerworld's website, "IT leaves ex-workers' accounts open." A lot of companies are leaving a lot of accounts open!
So, what's your company's procedure or policy? Are there products out there that can help manage accounts? Maybe something that notifies when an account hasn't been used for a certain period of time, so that the system administrator can check whether it's an ex-employee's account? Are there different products for handling web-based tools versus more central-type access, such as for LANs, or the System i? If you're a vendor, here's your chance to post a comment here in our blog and tell us about your System i-focused solution . . . or another solution relevant to our industry. If you're a user (like me) or a systems administrator or someone else in the trenches, give us your perspective and tell us what you do or what you wish you could do to minimize, prevent, or eliminate orphaned accounts.
--Linda Harty, security & networking/connectivity editor
Posted by lharty at May 27, 2008 4:20 PM
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | 31 |
Blog Policy
We welcome your comments and opinions and encourage lively debate on the issues. However, Penton Media reserves the right to delete or move any content that it may determine, in its sole discretion, violates or may violate its Terms of Use or is otherwise unacceptable. For more information, see Penton Media's Terms of Use.