Insufficient access removal for terminated employee leads to audit finding, and potential breaches. During the COVID-19 breakout many employees transitioned to work from home schedules. Many employees and contractors will carry on working from home even after the pandemic subsides. In this rapidly changing work dynamics, organizations of all sizes should examine their employee termination process. As soon as the decision to terminate an employee has been made, IT admin should receive a near real-time notification. IT admins are typically responsible for securing data, managing access to resources and maintaining permissions and access rights policies across the assets.
In our research we found that organizations
with employees between 250 to 1500 display varying degree of Automated
Provisioning and De-provisioning maturity. Unsurprisingly, a
large percentage of companies and non-profit organizations have manual
deprovisioning where the onus of timely withdrawing employee access across
systems and databases is spread across the reporting manager, HR, IT
administration.
Based on our experience configuring our SaaS
product to help SMB companies manage employee termination, we recommend the
following:
Use a software that automates termination
workflow between HR system and downstream systems. Many of our customers use SecurEnds
easy integration with service management systems such as Jira, ServiceNow to
open deprovisioning tickets. Others prefer to use our Active Directory
connector to deprovision employees.
Refer back to the latest user access reviews
to know what system the terminated employee had access to. Unless your
organization has done periodic evaluation of employee entitlements, there is no
way to know with 100% surety what access the employees enjoyed beyond just what
his role allows.
SecurEnds recently hosted a tailored demo for a
banking prospect. Their main use case was employee provisioning and
deprovisioning. They were looking for an easy-to-use solution that empowers
business managers to make entitlement decisions for their employees and drive
the deprovisioning. Currently, the IT
team manually provisions and deprovisions employees. Although
provisioning was inefficient leading to access delays for the new hire,
deprovisioning was the biggest concern as IT was not always notified in a
timely fashion when HR terminated the employee. As it turned out, this prospect
needed a workflow that tied JML events to their JIRA ticketing system while
logging the changes for audit trail. Simple. We agreed that a real time
connector was a future thing.
SecurEnds
is helping a number of Credit Unions and Community Bank achieve IT controls and compliance.
Our lightweight, highly configurable and industry first flex-connector product
can be earliy deployed on your on-prem. Our product an easily bolt on to your
existing single -sign-on solution to make a comprehensive end to end identity
management solutions. In only 30 minutes we can demo why our
SAAS software is now a leading choice for identity governance
No comments:
Post a Comment