First off, what is an Orphan account?
Orphan accounts are the accounts that have somehow slipped past the de-provisioning paper trail. Those accounts that still have organizational access to systems without a valid owner.
For instance – Tom, the Sr. IT Manager, with elevated access to systems, gets in an accident on the way to the office. He gets a big settlement from the insurance company and retires without cleaning out his desk.
Imagine what could happen if a Rogue Employee were to search Tom’s office and discover his notebook full of sensitive information and passwords to systems.
A lot of school districts that we talk to don’t know how many orphaned accounts exist in their network. While others know they have orphaned accounts, but have no procedures in place to locate them.
Abandoned and orphaned user accounts can be exploited to gain unauthorized access to sensitive information and resources. These accounts create holes in your security that can leave them open in perpetuity.
A clear process for automating the provisioning and de-provisioning of access and user accounts can help to avoid these issues.
When a staff member is forcibly removed or leaves, de-provisioning his or her identity and access from your entire network can become a never-ending task. Or, it could take as little as 5 seconds.
How does your school district manage orphaned user accounts?
The actual answer, in this scenario, as to who you should worry about, is no one.
Let us share with you how our RapidIdentity solution has helped other school districts by giving them the ability to de-provision orphaned accounts through automated processes.