When Employees Leave, Make Sure Your Data Doesn’t Go With Them

If you let someone into your home to repair your refrigerator, would you let them leave with the keys to the house? Of course not. If you got a divorce, would you let your ex take a set of keys and not change the locks? Generally, no. And yet, organizations today do the equivalent all the time when employees and contractors leave. According to a new report from Osterman Research:

• 67 percent of organizations surveyed couldn’t be sure that they could detect whether an employee who left was still accessing corporate resources
• 76 percent had no way of knowing for sure when third parties such as contractors stopped working on the organization’s systems and data
• 53 percent didn’t have well-established processes and systems for monitoring access to applications and data sources that people used when they were on the job

It’s a big problem, and a serious one that can lead to all kinds of major problems ranging from trade secrets falling into the hands of competitors, to exposure of personal data that it’s illegal to disclose, to putting compliance with regulations governing data privacy at risk.

Technology help is on the way: Identity and access management

The Osterman Research report makes a case for relying strongly on identity and access management technology to help prevent access to sensitive data by people who have left an organization. Combined with carefully considered policies and best practices for employee departures, a governance-based system of identity and access management can make it possible to protect data in several specific ways:

• Control what employees have access to in the first place and enforce that control with risk-based identity governance. If someone only has access to a limited set of resources while they’re on the job, that limits exposure after they’re gone to just those resources—and not to other applications and data.
• Automatically deprovision resources when people leave or change roles, which puts an immediate end to their access to any sensitive information they needed to see while they were with the organization. Having all assets managed through a single identity and access management platform makes it easier to do this, especially if there’s high employee turnover (which Osterman points out is often the case these days).
• Maintain visibility into resources when someone leaves so that any post-employment access issues are immediately apparent. A governance-driven identity and access management system will provide consistent, ongoing visibility into orphaned accounts, inappropriate access and policy violations.

Access to resources after people leave organizations is a big problem, but identity and access management can do a lot to help solve it. Learn more in the Osterman Research report “Protecting Corporate Data When Employees Leave Your Company.”