AGOURA HILLS, Calif. - May 19, 2008 - Symark International, developer of the PowerSeries information security solutions for managing privileged account access, today announced the results of a survey of more than 850 security, IT, HR and C-level executives across all industries. Conducted by eMediaUSA, the survey focused on orphaned accounts user accounts that remain active after an employee has left a company and the processes organizations have in place to locate and terminate them. The study revealed that 42 percent of businesses do not know how many orphaned accounts exist within their organization, and 30 percent of respondents said they have no procedure in place to locate orphaned accounts.

Orphaned accounts represent a significant problem among organizations across all industries. Unfortunately, many IT staffs tend to be overworked and as a result, these open accounts are often overlooked, said Sally Hudson, research director, security products and services, IDC. Whenever an employee leaves an organization, IT and security administrators should make it a priority to shut down their access immediately. Failure to do so creates gaping holes through which hackers, or malicious insiders who are familiar with the IT environment, can access and pilfer sensitive material.

Other key findings from the survey include:

• Approximately 27 percent of respondents said that more than 20 orphaned accounts currently exist within their organization.
  
• More than 30 percent of respondents said it takes longer than three days to terminate an account after an employee or contractor leaves the company, while 12 percent said it takes longer than one month.
  
• More than 38 percent of respondents said that they had no way of determining whether a current or former employee used an orphaned account to access information, while 15 percent said that this has occurred at least once.

Controlling access to proprietary systems and information continues to present an IT security challenge. In fact, in our upcoming research report entitled IT Governance, Risk and Compliance Management in the Real World, gaps in access and entitlements control, and the significant audit defects resulting from them, are one of the concerns most frequently mentioned in focus interviews, said Scott Crawford, research director at Enterprise Management Associates. The significant threat posed by the existence of orphaned accounts contributes to this issue, and our findings on this topic align with the results of Symark's survey. For example, one IT auditor revealed that in a 5,000-employee financial services firm, 43 percent of existing access rights were either excessive or should have been retired.

By now, most security professionals understand that a vast majority of data breaches involve some sort of insider impropriety. However, the threat from within continues to remain a major hurdle, largely due to the sheer number of avenues available to an employee to carry out malicious activity, said Bob Farber, chief executive officer at Symark International. As the sobering results of this study demonstrate, orphaned accounts represent a major security and compliance challenge and are often overlooked as a potential threat vector. It is clear that organizations must implement polices and technologies to ensure that user accounts are terminated swiftly as soon as the employee leaves the company, especially for large, international enterprises managing locations across the globe.

About Symark International

###