Failure to deprovision ex-employees from corporate applications is becoming a major problem for many organizations, according to a survey of 500 IT professionals conducted by identity and access management (IAM) software provider OneLogin.
For MSSPs, the survey results are a friendly reminder to build standard operating procedures that ensure former customer employees no longer have system access. The OneLogin "Curse of the Ex-Employees" survey revealed 44 percent of organizations are not very confident that past employees no longer have access to corporate applications.
In addition, the survey showed 48 percent of organizations are aware that ex-employees still have access to corporate applications.
Which Business Function Is Hardest to Deprovision?
According to the survey, the following business functions were the hardest to deprovision:
- Operations (26 percent).
- Engineering/sales (20 percent).
- HR (18 percent).
- Finance/customer support (16 percent).
- Marketing (13 percent).
The survey indicated the time it takes to deprovision an ex-employee can add up quickly, which is reflected in the following survey results:
- 70 percent of organizations take up to an hour to deprovision all of a single former employee's corporate application accounts.
- 50 percent said ex-employees' accounts remain active once they have left the company for longer than a day, 32 percent said it takes a week to be fully deprovisioned and 20 percent stated it takes up to a month or more.
- 25 percent said they do not know how long an account remains active after an employee has left the company.
Also, 20 percent of organizations said failure to deprovision employees from corporate applications has contributed to a data breach, the survey revealed.
"The bottom-line is that companies aren't following very basic but essential security measures around employee provisioning and deprovisioning," OneLogin Chief Information Security Officer Alvaro Hoyos said in a prepared statement. "This should be a cause for concern among business leaders."
Tips for Deprovisioning Ex-Employees
Ex-employees who maintain access to corporate applications can cause significant damage to a company, its brand reputation and its revenues.
MSSPs can offer the following tips to help organizations deprovision ex-employees from corporate applications:
- Develop deprovisioning best practices. With best practices in place, organizations can immediately remove employee access to corporate applications after a worker leaves the company.
- Deploy automated deprovisioning tools. Organizations can use automated deprovisioning tools to streamline the process of removing employee access to corporate applications.
- Manage and monitor corporate application use. Security information and event management (SIEM) and other tools enable organizations to track ex-employee use of corporate applications.
Organizations must be proactive about deprovisioning ex-employees from corporate applications, Hoyos said in a prepared statement.
That way, organizations can find ways to automate deprovisioning and become more secure, productive and efficient, Hoyos stated.