What are Orphan Accounts?
An orphan account is an account that does not belong to a valid identity and it is not clear who the account belongs to. Orphan accounts pose a risk to a company’s IT security. First of all, the account may have belonged to an employee who has left the organisation. This can lead to a higher susceptibility of being compromised or misused, as the account is still active and can be used without the owner’s awareness. Secondly, orphan accounts may result from a failure to properly de-provision accounts when an employee is no longer part of the company. By somehow escaping the paper trail of user account deprovisioning, these accounts expose chinks in the company’s IT security armour, without the IT team being in the know about these flaws. Furthermore, orphan accounts can be hacked into and exploited, enabling people with malicious intents to obtain unauthorised access to the company’s resources and data.
To make matters worse, employees may have installed external applications and services without informing the company’s IT department, which creates a presence for shadow IT. When an employee exits the company, their colleagues may still utilise these external applications for work matters, using the same set of login credentials to access the applications. The orphan account is thus a shared account which act as a backdoor. As the shared account is not under the monitoring and control of the company, such backdoors go unnoticed by the IT team, allowing hackers to use the orphan accounts as backdoors. They can thus easily bypass the IT team’s security systems and proceed to disrupt organisational operations and wreck havoc from the inside. Many IT departments have a fear of killing off these orphan accounts due to the possibility of hindering crucial business processes and operations, which may lead to the IT departments not actively seeking out orphan accounts and sealing any security holes.
The creation of orphan accounts can be traced and linked to provisioning systems themselves. To execute the provisioning and de-provisioning process of user accounts, a lot of manual work is required. In some scenarios, the amount of work needed to deprovision an account is extensive due to the complicated nature of the provisioning systems, with technologies that are a mess to deal with. The provisioning and deprovisioning systems therefore create a lot of inconsistencies in the provisioning and de-provisioning processes, culminating in the presence of orphan accounts that have been left undocumented and have not been reliably deactivated.
How To Deal With Orphan Accounts?
With identity and access management (IAM) services in place, the processes of account provisioning and deprovisioning can be streamlined and automated. This reduces the manual workload on IT teams, while ensuring that IT security will not be compromised. Accounts will be appropriately deactivated whenever employees leave the organisation. Through the cleaning up of orphan accounts, holes in IT security can be plugged, stopping any hackers. With modern IAM, organisations can mitigate security risks arising from the presence of orphan accounts.