IT departments have to handle a lot of potential security risks: passwords, endpoints, shadow IT, etc. Implementing and managing procedures and technology to protect the business while also ensuring everyone—from employees to customers—has the access they need is challenging. Administrators are focused on giving new employees access so they can start working and addressing new access, password, and other requests from existing employees to keep them productive. So maybe it’s not a surprise that de-provisioning employees who have left often takes a back seat.
One in twenty organizations reported they have no way of telling whether people who left their organization still had access and 32 percent of companies reported taking more than a week to deprovision an employee who has left. In another survey, over 13 percent of people reported they could still access a previous employers’ systems using their old credentials.
Relying on the good faith of ex-employees turns out to be a bad idea. In OneLogin’s survey, 20 percent of the respondents reported that failure to deprovision employees from corporate applications contributed to a data breach at their organization.
Companies like Transformations Autism Treatment Center (TACT) have experienced the cost of a failure to deprovision. When behavioral analyst Jeffrey Luke was terminated, TACT took his hardware and changed his email login address. But it failed to realize that Luke had access to a cloud storage drive—which the analyst used to steal patient records after leaving the company.
The impact for companies is huge: an average cost of a breach is $148 per record and $7.91 million per breach in the U.S.. Breached companies underperform the market for years, and 60 percent of small businesses fold within six months of an attack.
With so much at risk, why do organizations fail to offboard employees quickly? It’s a combination of factors:
At its core, the problem is a technology one. As a company grows, it’s nearly impossible to track all the apps used by employees, contingent staff, vendors, etc. That’s why saavy organizations use identity access management (IAM) tools. With a good IAM solution, one that integrates with all the organization’s HR and other directories, administrators can track apps with minimal effort. In addition, an IAM lets IT onboard users to the appropriate apps based on role, and then offboard with the flip of a switch.
Given the enormous potential cost of a breach, IAM is an investment that organizations are increasingly willing to make.
Just because an employee has left, that doesn’t mean they’re out of your corporate life—or that you’re out of danger.Read more
Find out how SSO and MFA together are key to protecting your tech company’s corporate data and intellectual property.Download the paper
Learn about the most common blind spots in employee onboarding and offboarding.Read the Blog
Learn how automated provisioning and de-provisioning saves time and money.Read more