Companies failing to heed warnings on employee deprovisioning, research warns
More than half of employees surveyed by identity management provider OneLogin admit they still have access to corporate applications from former employers.
The study, which was based on a survey of 500 US-based IT decision makers, found that almost half (44%) of respondents lack confidence that former employees have been removed from corporate networks. A quarter of those polled said their organisation takes more than a week to remove a former employee from their records, while another quarter did not know how long accounts remained active once employees had left.
In addition, nearly half (48%) of those polled said they were aware of former employees who still have access to corporate applications. Two in five (41%) admit to not using a security information and event management (SIEM) product to help with employee de-provisioning.
“The bottom line is that companies aren’t following very basic but essential security measures around employee provisioning and deprovisioning,” said Alvaro Hoyos, OneLogin chief information security officer. “That said, at least now we’re at a point where we are acknowledging there is a problem.
“The next step is going to be for IT decision-makers to be proactive about addressing this issue,” Hoyos added. “Modern enterprises need technology that can automate the provisioning processes to help companies become more secure, productive, and efficient.”
This has been a problem this publication has reported on various occasions. A study from Intermedia back in 2014 but the number of employees who could still access applications like Facebook and Salesforce at 90%. As columnist Rick Delgado put it at the time, concerning more nefarious means: “As businesses start to understand the inherent dangers posed by disgruntled workers, they need to put into practice methods which can prevent attacks. Disgruntled former workers represent a new worry for business leaders, but they’re one that can be managed with the right preparation.”
Three years on, and it appears little has changed.
- » What is the deal with wearables in the enterprise today?
- » Symantec to acquire Skycure to bolster mobile security play
- » Digital transformation drivers uncovered in Dimension Data report
- » Microsoft adds Check Point to EMS security partners, joins Zimperium and Lookout
- » The key ways remote access is impacting the future of work