Security - CIOInsight
IT Drops the Ball on Former Workers



By Ericka Chickowski


Far too many ex-employees retain access to sensitive data.


As the economy weakens, more and more companies face the risk of mischief from once-trusted insiders, even when they’re no longer inside the organization. A survey conducted by access management firm Courion found troubling new evidence that many companies employ inefficient methods to shut off access rights to data, and that many also have no clue that this is a major risk factor.

With so many firms bleeding jobs, thinly staffed IT departments can hardly keep up with their workloads. That's one likely reason that many IT organizations are failing to support the business as it trims staff in other departments.

Ideally, IT should be working hand-in-hand with HR to ensure that employee access to IT accounts is terminated as soon as laid-off workers leave the building for the last time. Unfortunately, this ideal isn’t being lived up to, says Brian Cleary, vice president of product and marketing for access management provider Aveksa.

“The root cause of this problem is the fact that organizations do not have good access change management processes or controls,” he says.

Courion’s survey shows that almost a third of companies take a week or longer to ensure that ex-employees have all of their access shut down. And just under one in ten companies report that they can never quite be certain that terminated employees no longer have access to IT systems. Even more troubling: over half of IT managers surveyed were largely unaware of employee access rights to systems.

One of the major factors leading to the lingering of open ex-employee accounts, commonly known as orphan accounts, is the lack (or misapplication) of automated deprovisioning tools. According to Courion’s poll, 30 percent of organizations still deprovision accounts manually.

Even when enterprises employ automation to deprovision, the automated functions may not cover all of the applications under the organizational umbrella.

“It’s really hard to configure the connectors and configure the drivers for (these systems) and it takes a long time to do it, so IT tends to only deploy to applications that have a high degree of change and churn,” Cleary says. “The user provisioning system does a great job with those, but the applications outside user provisioning don't get notified automatically.”

He recalls a customer who recently conducted a manual audit to find that it was experiencing 40 percent failure rates in account termination due to this disconnect.

"The time for over-confidence has passed. It is important for IT managers to close these holes by undertaking regular audits, and ensuring that employees have access only to the information they need to do their jobs," said Stuart Hodkinson, general manager at Courion, in a statement accompanying the survey results.

The evidence is clear that those who can’t or won’t take Hodkinson’s advice will be exploited by former employees. A survey by the Ponemon Institute conducted on behalf of Symantec earlier this year found that of 1,000 workers who had left their employer in the last year, 59 percent intentionally stole data from their organizations.

"Even if layoffs are not imminent, companies need to be more aware of who has access to sensitive business information," said Larry Ponemon, chairman of the institute, in a written statement. "Our research suggests that a great deal of data loss is preventable through the use of clear policies, better communication with employees, and adequate controls on data access."
