Insufficient access removal for terminated employees leads to audit findings and potential breaches. During the COVID-19 outbreak many employees transitioned to work-from-home schedules. Many employees and contractors will carry on working from home even after the pandemic subsides. With work dynamics changing this rapidly, organizations of all sizes should examine their employee termination process. As soon as the decision to terminate an employee has been made, the IT admin should receive a near-real-time notification. IT admins are typically responsible for securing data, managing access to resources and maintaining permissions and access rights policies across the assets. In our research we found that organizations with between 250 and 1500 employees display varying degrees of provisioning and deprovisioning maturity. Unsurprisingly, a large percentage of companies and non-profit organizations have manual deprovisioning, where the onus of withdrawing employee access across systems and databases in a timely manner is spread across the reporting manager, HR and IT administration.
Recently, a disgruntled vice president of a healthcare company hacked his former employer’s systems and sabotaged shipments of crucial medical equipment meant for frontline workers fighting COVID-19. The investigation revealed that a few months before his termination, he had created a fake account in the company’s package shipping system. He logged in using the fake account within a few hours of access being cut off for his legitimate account. This unfortunate incident highlights everything broken with the company’s Joiner-Mover-Transfer process, and the lack of access review governance. Based on our experience configuring our SaaS product to help SMB companies manage employee termination, we recommend the following:
- Use software that automates the termination workflow between the HR system and downstream systems. Many of our customers use SecurEnds' easy integration with service management systems such as Jira and ServiceNow to open deprovisioning tickets. Others prefer to use our Active Directory connector to deprovision employees.
- Refer back to the latest user access reviews to know which systems the terminated employee had access to. Unless your organization has done periodic evaluation of employee entitlements, there is no way to know with 100% surety what access the employee enjoyed beyond just what their role allows.
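
The reconciliation these two recommendations describe, as an added example (not SecurEnds product code): it joins an HR termination feed with the latest access review export to list the accounts to deprovision, flags accounts that no HR identity owns, and reports logins made after termination. All names, systems and records below are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data (not from the original post).
# HR feed: employee id -> termination time (UTC); None means still employed.
HR_ROSTER = {"E100": datetime(2020, 3, 2, 17, 0), "E101": None, "E102": None}
# Rows from the latest user access review export: (system, account, owner id).
# Owner None means the reviewer could not map the account to anyone in HR.
ACCESS_REVIEW = [
    ("ActiveDirectory", "jdoe", "E100"),
    ("Shipping", "jdoe", "E100"),
    ("Shipping", "ops-temp2", None),
    ("Jira", "asmith", "E101"),
    ("Shipping", "blee", "E102"),
]
# Login events pulled from downstream systems: (system, account, time).
LOGINS = [
    ("Shipping", "jdoe", datetime(2020, 3, 2, 9, 15)),
    ("ActiveDirectory", "jdoe", datetime(2020, 3, 3, 8, 0)),
    ("Jira", "asmith", datetime(2020, 3, 3, 10, 30)),
]

def deprovisioning_tasks(roster, review):
    """One (employee, system, account) task per entitlement of a terminated employee."""
    return [(owner, system, account) for system, account, owner in review
            if owner is not None and roster.get(owner) is not None]

def unowned_accounts(roster, review):
    """Accounts with no owner in HR; no termination event will ever reach them."""
    return [(system, account) for system, account, owner in review
            if owner is None or owner not in roster]

def logins_after_termination(roster, review, logins):
    """Logins on a terminated employee's account after the termination time."""
    owner_of = {(s, a): o for s, a, o in review}
    hits = []
    for system, account, when in logins:
        ended = roster.get(owner_of.get((system, account)))
        if ended is not None and when > ended:
            hits.append((system, account, when))
    return hits

if __name__ == "__main__":
    for task in deprovisioning_tasks(HR_ROSTER, ACCESS_REVIEW):
        print("open ticket:", task)
    print("unowned:", unowned_accounts(HR_ROSTER, ACCESS_REVIEW))
    print("late logins:", logins_after_termination(HR_ROSTER, ACCESS_REVIEW, LOGINS))
```

The unowned list is the part a ticket-per-termination workflow cannot produce on its own, which is why it depends on a current access review.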
SecurEnds recently hosted a tailored demo for a banking prospect. Their main use case was employee provisioning and deprovisioning. They were looking for an easy-to-use solution that empowers business managers to make entitlement decisions for their employees and drive the deprovisioning. Currently, the IT team manually provisions and deprovisions employees. Although provisioning was inefficient, leading to access delays for new hires, deprovisioning was the biggest concern, as IT was not always notified in a timely fashion when HR terminated an employee. As it turned out, this prospect needed a workflow that tied JML events to their JIRA ticketing system while logging the changes for an audit trail. Simple. We agreed that a real-time connector was a future thing.
SecurEnds is helping a number of credit unions and community banks achieve IT controls and compliance. Our lightweight, highly configurable and industry-first flex-connector product can be easily deployed on-prem. Our product can easily bolt on to your existing single sign-on solution to make a comprehensive end-to-end identity management solution. In only 30 minutes we can demo why our SaaS software is now a leading choice for identity governance.
Abhi Kumar | LinkedIn