Home » Data Protection » Network Security

Security's Role in Handling Layoffs

Layoffs are an unfortunate reality in this economic climate. Security has a critical role in helping support both the departing employees and the organization.

By Michael Fitzgerald

Page 4

Shipley adds that so much focus has been on hiring in the last few years that some identity management systems are much better at granting access than revoking it.

Kodak's Jones agrees that centralized provisioning has improved in the last few years. Kodak has moved to centralized provisioning via Sun Identity Manager, and "it's been a big benefit to us," he says.

While deprovisioning has improved, the tools could still be better, he says. "The biggest weakness is the interface between whatever provisioning identity management tool you use and all your applications," says Jones.

Oddly, in this Web-based era, companies tend to forget about access to Web-based software. "I honestly don't know why companies miss this," says Thunberg. "A majority, if not all of these environments, have a way to track them."

Perhaps the weakest point in any deprovisioning process comes from external partners or vendors. When those companies lay people off, they may not deprovision them. Hamilton, of the City of Seattle, says that while you can write contracts and service-level agreements requiring contractors to deprovision people who are laid off, you don't have direct control over the process.

Data Leakage
One day this March, a door was propped open on a floor with important IT systems at the City of Seattle. In fact, the door could not be locked, meaning that anyone could potentially have gained access to systems. Monitoring might have alerted the city to large data dumps taking place, but a data thief could have easily been out the door before anyone could do something about it, says Hamilton.

Hamilton says that he and his staff have to be on the constant lookout to help prevent data leakage. With layoffs pending, he's heightened his monitoring and is considering things like tagging certain employees with special monitoring agents.

Still, there's only so much companies can do with monitoring.

"It's hard to get a handle on data leakage—there's so much data in file cabinets as well as on systems," says Michelle Drolet, CEO of Towerwall, a security consultancy in Framingham, Mass.

Indeed, the Ponemon study found that 61 percent of those who take data take it in hard-copy form.

"TIP: Good employee relations may be the best bet for preventing data leakage."

But there are plenty of ways to know if employees are trying to transfer large amounts of data digitally. And most companies are probably already using them—there is always an insider threat. Kodak's Jones says that companies should set monitoring tools and alerts based on perceived threat levels, "and apply them regardless of whether people are being laid off or not."