A company spokesperson told InternetNews.com that the company could not comment due to an ongoing FBI investigation, but added, "at no time were any of our operations at risk, and the employee under investigation did not have access to customer data so it has not been compromised. The news comes shortly after a report from identity management specialist SailPoint said that most IT departments are unprepared for layoffs because they cannot get a complete view of a terminated employee's access privileges from any one tool.
The IT environment is complex at large companies because business managers rather than IT managers choose what applications are deployed, according to Guy Mounier, CTO of enterprise search enhancer BA Insight. A centralized IT department can impose rational portfolio consolidation, but the reality is that most divisions have strong profit and loss (P&L) responsibilities, and if they value a piece of technology, they will use it regardless of the rest of the company's strategies and goals.
The complexity is growing, according to Brian Cleary, vice president of marketing at identity management company Aveksa, and makes handling layoffs harder. "During a workforce reduction, the first thing the IT department does is pull network access control, but they forget to turn off any back door. Think of all the applications that present themselves via a Web interface. Organizations are missing those and leaving themselves exposed," Cleary told InternetNews.com.
The problem of orphan accounts, which are credentials that are still valid even after their user has gone, is usually discovered during audits, such as those for Sarbanes-Oxley compliance, Cleary added. He said that most IT managers focus on the threat within the IT department, paying less attention to the challenge of managing key experts. "Losing corporate intellectual property (IP) is a big deal," said Cleary.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment