Half of ex-employees still have access to corporate applications
Businesses aren't doing enough to guard against the security risks presented by ex-employees, according to new research from identity management firm OneLogin.
The study finds that nearly half (48 percent) of respondents are aware of former employees who still have access to corporate applications, with 50 percent of IT decision-makers ex-employee's accounts remaining active once they have left the company for longer than a day.
In addition 44 percent of respondents don't have confidence that former employees have been removed from corporate networks at all. According to 20 percent of the respondents, failure to de-provision employees from corporate applications has contributed to a data breach at their organization.
A quarter of respondents take more than a week to de-provision a former employee and a further quarter simply don't know how long accounts remain active once the employee has left the company.
Not surprisingly given the above, 41 percent are not using a security information and event management (SIEM), which would help enforce login policies across the entire application portfolio and provide businesses another layer of security.
"The bottom-line is that companies aren't following very basic but essential security measures around employee provisioning and deprovisioning," says Alvaro Hoyos, chief information security officer at OneLogin. "This should be a cause for concern among business leaders, especially considering how many data breaches are caused by ex-employees. That said, at least now we're at a point where we are acknowledging there is a problem. The next step is going to be for IT decision-makers to be proactive about addressing this issue. Modern enterprises need technology that can automate the provisioning processes to help companies become more secure, productive, and efficient."
Photo Credit: O Driscoll Imaging/Shutterstock