Orphan accounts, also known as orphaned accounts, are user accounts that have access to corporate systems, services, and applications but do not have a valid owner. These accounts are the opposite of active user accounts, which belong to active employees. Types of accounts that are susceptible to becoming orphaned include Active Directory and OpenLDAP accounts.
Orphan accounts are often created when an employee leaves a company, transitions into a new role, or no longer needs a specific account. To prevent orphan accounts, organizations should have a process in place to deactivate accounts properly in these scenarios. Companies should preserve accounts that are no longer necessary for a brief period, in case of a status change. However, once this grace period is over, the account should be deleted and all its information should be removed. This process is called deprovisioning. Failure to deprovision accounts results in the creation of orphan accounts that are unused but still exist.
Orphaned accounts pose significant security risks and should not exist within a company. For example, if a bank employee quits but retains access to their employee credentials, they could potentially have unauthorized access to customer accounts. If attackers discover orphan accounts, they can exploit them to gain access to an entire system.
The security risks associated with orphaned accounts include acting as an attack surface for unauthorized users. Even though these accounts are unused, they can still provide access to sensitive data and intellectual property. Additionally, if application accounts are not properly deprovisioned, they can continue to operate and consume resources such as bandwidth. Orphan accounts also become weaker and more vulnerable over time, as they do not evolve with security practices. Lastly, orphan accounts increase the probability of illegitimate access, as credential sharing or hacking can allow unauthorized users to access a system.
To avoid orphan accounts, organizations should conduct audits of user accounts to quickly identify and remove them. These audits should determine the resources that legitimate accounts need to access, the business purpose of each authorization, and detect accounts that are not being used regularly or do not follow security protocols. By identifying these factors, organizations can ensure that only authorized users have uninterrupted access to required information while orphaned accounts are removed.
In conclusion, orphan accounts are user accounts that have access to corporate systems but do not have a valid owner. They are created when employees leave a company or no longer need a specific account. Orphaned accounts pose security risks and should be avoided through proper deprovisioning and regular audits.
English 
Albanian 
Serbian 
Croatian 