Ensure security with always-accurate account validation.
As organizations grow and people come and go, accounts are sometimes left in an active state well after an employee (contractor, vendor, volunteer, student, etc.) has gone. A full-featured Identity Management solution will deal with most of these issues, as long as the defined business processes are followed. However, best practices dictate that validation mechanisms also be deployed to ensure policy enforcement.
Identity Automation’s Account Validation Solution identifies stale accounts in Active Directory and other LDAP Directories by:
- Storing last log-in dates
- Comparing the directory to a complete source of valid users
When stale accounts are identified, a report can be emailed to appropriate staff members and automatic action can be taken such as disabling, moving, or deleting the accounts.
Identity Automation’s Account Validation Solution can also look for the presence of rogue administrative accounts that may be created by IT staff who may have malicious intentions or may be trying to work around tight governance controls such as a Privileged Management solution. Whenever such a rogue account is identified, the account can also be disabled, moved, or deleted, and other important data such as the account creation date/time can be emailed to appropriate staff members.
Implementing Account Validation in conjunction with Privileged User Management is an excellent best practice approach to ensuring that your organization is taking all the necessary steps to ensuring compliance and decreasing the risk of unauthorized data access.