Dormant Accounts

Dormant accounts refer to the same vulnerability as excessive access rights, but from the perspective of the application or other resource for which access rights must be granted. The most typical cause of a dormant account is that a user no longer needs access to an application due to having been assigned another role or transferred to a different department. In some cases, dormant accounts exist because the user was over-provisioned in the first place; it's not uncommon for a manager to clone the rights of the most senior (and therefore most entitled) person in a department as a hedge against having a new employee blocked because an application right wasn't anticipated initially. Dormant accounts can also exist due to over-provisioning resulting from inaccurate role definitions or simply human error.

An IDC study based on a survey of over 400 respondents revealed that as many as 60% of all accounts on most systems are expired. As IDC points out, since this is a requirement across all major regulatory frameworks, a company with a high percentage of dormant accounts could fail multiple audits, including SOX, EU privacy laws, HIPAA and PCI.

Cloud Compliance is developing an Identity and Access Control (IdAA) solution to identify and provide tools to remediate dormant accounts. Our tools enable root cause identification, and provide the necessary insight for remediation and process improvement. Furthermore, due to our global visibility as a cloud-based SaaS solution, we capture statistics industry-wide that our customers can access for setting their own policy benchmarks. Finally, the Cloud Compliance SaaS solution requires no software to install, maintain and operate, no appliances to deploy, no consultants, advisors or professional services to deploy, and no huge upfront capital expense to incur. 
