The dirty secret about deprovisioning

Your biggest security risk may be your ex-employees

IT departments have to handle a lot of potential security risks: passwords, endpoints, shadow IT, etc. Implementing and managing procedures and technology to protect the business while also ensuring everyone—from employees to customers—has the access they need is challenging. Administrators are focused on giving new employees access so they can start working and addressing new access, password, and other requests from existing employees to keep them productive. So maybe it’s not a surprise that de-provisioning employees who have left often takes a back seat.

Ex-employees still have access

One in twenty organizations reported they have no way of telling whether people who left their organization still had access and 32 percent of companies reported taking more than a week to deprovision an employee who has left. In another survey, over 13 percent of people reported they could still access a previous employers’ systems using their old credentials.

Not good.

Failure to deprovision leads to costly breaches

Relying on the good faith of ex-employees turns out to be a bad idea. In OneLogin’s survey, 20 percent of the respondents reported that failure to deprovision employees from corporate applications contributed to a data breach at their organization.

Companies like Transformations Autism Treatment Center (TACT) have experienced the cost of a failure to deprovision. When behavioral analyst Jeffrey Luke was terminated, TACT took his hardware and changed his email login address. But it failed to realize that Luke had access to a cloud storage drive—which the analyst used to steal patient records after leaving the company.

The impact for companies is huge: an average cost of a breach is $148 per record and $7.91 million per breach in the U.S.. Breached companies underperform the market for years, and 60 percent of small businesses fold within six months of an attack.

Why does IT fail to deprovision?

With so much at risk, why do organizations fail to offboard employees quickly? It’s a combination of factors:

  • It’s hard to keep track of all the apps and systems employees use
  • Shadow IT means employees may have access to apps that IT doesn’t even know about
  • IT departments are often understaffed and underfunded
  • Getting new employees provisioned and keeping employees productive takes priority
  • Deprovisioning is time-consuming—especially when you have to offboard users one app at time

Cleaning up the deprovisioning process

At its core, the problem is a technology one. As a company grows, it’s nearly impossible to track all the apps used by employees, contingent staff, vendors, etc. That’s why saavy organizations use identity access management (IAM) tools. With a good IAM solution, one that integrates with all the organization’s HR and other directories, administrators can track apps with minimal effort. In addition, an IAM lets IT onboard users to the appropriate apps based on role, and then offboard with the flip of a switch.

Given the enormous potential cost of a breach, IAM is an investment that organizations are increasingly willing to make.

Thank you! We have received your details. Our sales teams will reach out to you shortly.

We’re passing along your contact information to our experts.

Something went wrong, please try again.

Register Now to Watch this Video

Register to Watch Recorded Demo Videos

All Fields RequiredFields Required*

  • Please enter your first name
  • Please enter your last name
  • Please enter company name
  • Please enter your job title
  • Please select number of employees
  • Note: Please enter a work email address only as we DO NOT accept web-mail addresses (gmail, yahoo, hotmail, etc.)

    Is that a correct business email address?
  • Please enter your phone number
  • By completing and submitting this form, I agree to the storing and processing of my personal data by OneLogin as described in our Terms of Service and Privacy Policy.

Related Resources:

Ghost Story - The Haunting Presence of an Ex-Employee

Just because an employee has left, that doesn’t mean they’re out of your corporate life—or that you’re out of danger.

Read more

Together, SSO and MFA secure access and address the technology industry’s password problem

Find out how SSO and MFA together are key to protecting your tech company’s corporate data and intellectual property.

Download the paper

User Onboarding, Offboarding, and Everything in Between

Learn about the most common blind spots in employee onboarding and offboarding.

Read the Blog

Real-time user provisioning

Learn how automated provisioning and de-provisioning saves time and money.

Read more