Identity Management Not Secure in Many Companies

A recent study by Stanford University found that many companies' identity management practices are so poor that it's easy for ex-employees and others to steal information and use it for criminal purposes.

For example, 43 percent of the companies surveyed said it took longer than two days to revoke the network access of terminated employees, and 15 percent said it took longer than two weeks. At the same time, 48 percent of companies said it takes more than two days for new hires to get access to systems they need and 10 percent said it takes more than two weeks.

Anecdotal examples gathered in the survey reveal almost as much as the statistics. For example, an employee at a global investment bank who went to work for a competitor was able to access her voice mail months after she left, giving her access to all internal banking announcements. According to survey respondents, a common practice in their companies is for employees to share passwords for even the most critical systems. On average, the study found, an administrator needs to manually enter redundant data in four different applications or systems each time a user changes departments or a new user is added.

To see the complete study, go to www.novell.com.

Copyright © 2004 Bankers' Hotline. Originally appeared in Bankers' Hotline, Vol. 14, No. 1, 3/05