In an article published by the online edition of Computer Weekly, the author, Adrian Davis, takes the access control problem and puts it on the table. He points out three of the most encountered flaws in corporate access systems.

So, by giving credit to the publisher and his author, here are some red flags you should be aware of if you are security manager in a corporate environment.

Access control is becoming increasingly complex as workers become more mobile and access data on a multitude of devices. Managing identity and access is difficult and time-consuming, but there are three key areas to be improved.

The movements of people in and out of a company can become a problem for the management when the control of the access in different areas is working on complicated parameters. Every identity changing its place can consume a huge load of time by forcing other employees to operate access rights in the system. Companies should not rely on chaotic corporate access systems. They need to define guidelines for joiners, movers and leavers that would cover internal, supplier and consumer access.

User rights are important as every individual is changing positions inside the same organisation. In most companies, such internal professional movements are adding new rights to the user’s access devices but they never revoke the past rights. These types of account, where rights have accrued over time, are the ones hackers really want to compromise when trying to infiltrate a system.

The so-called super accounts are the most important entities of identity and access systems. Many organisations do not carry out simple security steps, such as changing account names from ‘administrator’ to less visible or guessable terms, nor do they track these accounts’ activity adequately.