Prevent risk by deprovisioning terminated employees.  Businesses underestimate the risk of terminated employees.

I wrote in a blog several months ago about deprovisioning security concerns.  My post focused on many organizations in the education sector not terminating access to email accounts.  It was concerning considering the risk these employees likely have access to other corporate or school systems.

I spoke with a prospect last week that struggled with both provisioning and deprovisioning employees.  The company was using scripts written by a former employee, and to their misfortune, the code had broken several weeks after the author left the company.  Therefore, for several months the IT team was manually provisioning and deprovisioning employees.

Provisioning employees took several steps and involved several people.  While new hires were provisioned, simply out of necessity, this manual process became time-consuming and certainly prone to human error.

The concern was deprovisioning.  IT was not always notified when terminating an employee.  In cases where managers and HR followed processes, deprovisioning still had hiccups.

The company also had concerns terminated employees still had access to systems because of the neglect of deprovisioning the accounts.  As you can imagine, this is a valid concern.

A report from IS Decisions stated that over 36% of former employees in the UK and US had continued access to a former employer’s systems or data, with nearly one in ten continuing to use the systems.  This access is unacceptable, and a preventable risk.

As important, enforcing a strict process must be adhered to.  Making that process as easy and automated is critical for manager and IT alike to follow.

The prospect wanted an easy to use provisioning solution, but as important, an easy to use deprovisioning solution.  Offloading the burden via an easy to use web form was a requirement.

Web Active Directory’s PeoplePlatform Meets These Requirements

Allowing for managers, HR, or IT to easily deprovision or update these accounts using a simple web form is the best solution in our experiences with customers and prospects.  Some customers like to do this to multiple records at a time.  It allows for a user-friendly experience and requires minimal time, easily incorporating deprovisioning into the daily routine.

In addition, Web Active Directory’s PeoplePlatform provides both an analytics and a workflow engine called PeopleFlow.  Together, these make PeopleAudit.  Construct specific reports you need (with graphs) without scripting, coding, or using Excel.

Finally, if you want to learn how to prevent risk by deprovisioning employees, please contact us today!