FAILURE TO DEPROVISION former employees has caused a data breach at 20 percent of the companies represented in a recent study from identity management provider OneLogin Inc., based in San Francisco, and Arlington Research. Moreover, nearly half of respondents are aware of former employees who still have access to corporate applications, with 50 percent saying ex-employees’ accounts remain active once they have left the company for longer than a day. And 32 percent say it takes a week to fully deprovision former workers.
The survey polled 500 U.S.-based IT decision makers who have some level of responsibility over the company’s IT security. All of the companies represented provision and deprovision employee logins in-house.
Alvaro Hoyos, chief information security officer at OneLogin, says the results are not surprising, as it’s a known issue every IT department faces. Part of the challenge is visibility, he says. Before cloud, to get applications “you went through accounting or IT, and you had 100 percent visibility to all the applications a user had,” he says. Now with cloud services and shadow IT, “you have sprawl,” making deprovisioning more difficult.
Hoyos says there are other reasons deprovisioning isn’t always prompt, or complete. One is HR not having either timely or any communication with the IT department. The human factor is another, he says. HR may simply not know it’s supposed to tell IT when someone leaves the company.
In terms of confidence, the research finds that 55 percent of respondents are very confident that all former employees can no longer access corporate applications, while 44 percent are not confident. Being confident can lead to errors, however, Hoyos says. “If you’re confident, there will be a percentage who are unaware of the realities of [former] employees still having access to applications. The ones who are not very confident are being very conservative.”
Hoyos says organizations need to adopt technology that will provide better visibility into what applications users are accessing, and tools that will help onboard and offboard personnel in a more centralized manner.
Yet the research finds that half of respondents don’t use automated solutions for deprovisioning corporate applications. Moreover, only 55 percent of respondents use a security and information management tool (SIEM) to check for application use by former employees.
Hoyos says adopting a strategy and technologies that allow both prevention and detection around deprovisioning “increases the chances you will see that someone forgot to deprovision someone from the system.”
Image source: Pixabay