What Are Orphan Accounts and What Can You Do About Them?

Updated: Jul 16, 2019


People change jobs all the time. Whether they change employers or switch roles within the same company, it’s inevitable. It’s equally inevitable that this entails quite some extra work, mainly administrative tasks, on the employer’s side. One of those tasks is to revoke all credentials and close all accounts the former employee was using. This seems like a logical and important step, and yet it is often overlooked. This leads to the existence of so-called ‘orphan accounts’, which can be hazardous for your company.

What are orphan accounts exactly?

An orphan account is any account that can provide access to an organization’s systems but no longer has a valid owner; it can be considered the opposite of an active user account. Orphan accounts are mostly created when people stop working at a company. As mentioned, when people change jobs, they often leave behind a lot of accounts that they no longer need, and nobody bothers to clean them up. Switching jobs is not the only cause of orphan accounts, though. Accounts can also be abandoned when a user’s mail address is changed, when the user gets a new role in the company, or when a new platform is installed and the old one is left running.

Threats under the radar

Even though an orphan account does not have a valid owner, it still provides access to corporate systems, services and applications, which might include sensitive data and intellectual property. Orphan accounts are therefore associated with high security risks. A single account that falls into the wrong hands could put your entire system at risk. Because orphan accounts are still treated as legitimate accounts of the organization, anyone who gains access to one of them could cause a lot of harm without triggering any suspicion.

It’s pretty clear that these accounts should be taken care of as soon as they lose their valid owner. The problem with orphan accounts, however, is that they tend to disappear out of sight and quietly slumber somewhere deep under the radar. This could be because the IT department is busy with other things and forgets about them. Orphan accounts can also be created without IT being notified, in which case they can’t be managed afterwards. A lot of people probably think that the risk will eventually fade away over the years, but unfortunately the opposite is true: orphan accounts aren’t kept up to date with security best practices (password rotation, MFA enrollment, access reviews), so they become more vulnerable over time.

Because of the stealthiness of orphan accounts, they can spread like weeds and the security risk can easily spiral out of control. Companies could end up with thousands of these accounts without even being aware of it. And it happens more often than you think. According to a study by Thycotic, 55% of organizations fail to remove privileged accounts after an employee is terminated. This number only covers privileged accounts; the total number of orphaned accounts is probably a lot higher.

The importance of de-provisioning

The issue of orphan accounts is situated within the joiner-mover-leaver process. Every part of an employee’s “lifecycle” at a certain company needs to be properly managed. Whether it is someone joining an organization or someone leaving, specific action needs to be taken. This is done through provisioning and de-provisioning, two identity and access management (IAM) processes that grant or remove access, respectively. The first one usually gets the most attention: people who join a company need to be given access to certain systems or resources to properly execute their job. However, de-provisioning is equally important: when a staff member leaves the company, all the relevant accounts need to be properly and completely deactivated. It is common sense that departing employees need to hand over the keys to their company car, so it should be just as obvious to revoke their keys to the organization’s network.

The identity and access management of a company should always contain an efficient approach to de-provisioning. It is paramount that a company possesses the right tools to easily terminate orphan accounts. It is arguably even more important to be able to find orphan accounts in the first place. Therefore, your IAM architecture should also include a smart access governance solution that can easily find and keep track of existing orphan accounts.

When you keep track of where the risks lie, half the work is already done.
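As an added example (not Elimity’s or this post’s code) of the reconciliation such a governance check performs, the following Python script matches a constructed account export against a constructed HR roster and flags accounts with no recorded owner, an owner who has left, an owner whose address no longer matches the roster, or no recent login; the field names and the 90-day staleness threshold are assumptions.

```python
"""Flag orphan accounts by reconciling an account export with the HR roster.

Added example, not Elimity's code. Both data sets are constructed inline;
the field names (owner_email, status, last_login, privileged) are assumptions.
"""
from datetime import date

TODAY = date(2019, 7, 16)  # constructed "now" for the sample data

# Constructed HR roster: the only source of valid owners.
HR_ROSTER = {
    "alice@example.com": {"status": "active"},
    "bob@example.com": {"status": "terminated"},      # leaver
    "carol.smith@example.com": {"status": "active"},  # mail address renamed
    "dave@example.com": {"status": "active"},
}

# Constructed export from several platforms: who each account is mapped to.
ACCOUNTS = [
    {"account": "alice", "system": "git", "owner_email": "alice@example.com",
     "last_login": date(2019, 7, 1), "privileged": False},
    {"account": "bob-admin", "system": "erp", "owner_email": "bob@example.com",
     "last_login": date(2019, 2, 3), "privileged": True},
    {"account": "carol", "system": "crm", "owner_email": "carol@example.com",
     "last_login": date(2019, 6, 20), "privileged": False},   # stale address
    {"account": "svc-legacy", "system": "crm", "owner_email": None,
     "last_login": date(2018, 1, 9), "privileged": True},     # no owner at all
    {"account": "dave", "system": "vpn", "owner_email": "dave@example.com",
     "last_login": date(2019, 1, 1), "privileged": False},    # unused account
]


def classify(account, roster, today=TODAY, stale_days=90):
    """Return why an account is orphaned, or None if it has a valid, active owner."""
    owner = account["owner_email"]
    if owner is None:
        return "no owner recorded"
    entry = roster.get(owner)
    if entry is None:
        return "owner not in HR roster (address changed or never registered)"
    if entry["status"] != "active":
        return f"owner is {entry['status']} (leaver not de-provisioned)"
    if (today - account["last_login"]).days > stale_days:
        return f"no login for more than {stale_days} days"
    return None


def find_orphans(accounts, roster, today=TODAY, stale_days=90):
    """List orphan accounts, privileged ones first so they are handled first."""
    found = []
    for acct in accounts:
        reason = classify(acct, roster, today, stale_days)
        if reason:
            found.append({"account": acct["account"], "system": acct["system"],
                          "privileged": acct["privileged"], "reason": reason})
    return sorted(found, key=lambda f: not f["privileged"])  # stable: keeps export order
```

Running `find_orphans(ACCOUNTS, HR_ROSTER)` on the sample data flags four of the five accounts, with the two privileged ones listed first.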

Where Elimity comes in

Elimity provides smart IAM solutions on top of its identity analytics platform. One of its core features is that it lets you scan the access rights of all current and former employees on the fly, so you can easily find and take care of orphan accounts.
