Offboarding processes pose security risks as job turnover increases: Report

Organizations across multiple industries are struggling to mitigate potential risks—including loss of end-user and storage devices as well as unauthorized use of SaaS applications—during their offboarding process, according to new research conducted by YouGov in partnership with Enterprise Technology Management (ETM) firm Oomnitza.

Over the last 18 months, employee turnover has increased, with the US Department of Labor estimating that by the end of 2021, a total of 69 million people—more than 20% of Americans—had either lost or changed their job. Although these figures could initially be attributed to the so-called Great Resignation, this figure is likely to increase due to the numerous job cuts that are now being reported—including layoffs at major technology companies—as organizations look to reduce operational costs.

Although the circumstances of an employee’s departure can sometimes make the offboarding process more complex, ultimately offboarding should aim to prevent disruption and mitigate any potential risks.

However, in YouGov’s 2022 State of Corporate Offboarding Process Automation report, the research found that although implementing a secure offboarding processes is now seen as a business imperative for enterprises, 48% of the survey’s respondents expressed deficiencies in or lack of automated workflows across departments and IT tools to facilitate the secure offboarding of employees.

The report is based on questions answered by 213 senior level information technology professionals in the US across multiple industries.

When an employee leaves an organization, reclaiming company-issued property is a vital step, as corporate devices often contain sensitive company or customer information.

However, when surveyed, 50% of all respondents said they’d lost at least 5% of IT assets—including end-user and storage devices—during offboarding, while 28% of organizations lost at least 10% of tech assets, which can have significant security and financial implications.

Small and medium enterprises, defined by YouGov as having under 10,000 employees, were 43% more likely to lose a significant number of tech assets (10% or higher) than large enterprises, with technology and manufacturing organizations have poorer asset reclamation, more than 35% reported losses greater than 10%, compared to other industries.

Healthcare organizations ranked the worst for tech asset reclamation however, with 50% of healthcare respondents saying they had lost between 10%-20% of company-owned assets when offboarding employees and contractors.

It’s not just the loss of physical technology that impacts organizations during the offboarding process. With increasing SaaS and cloud adoption, revoking access to applications, network and cloud infrastructure is essential to prevent unauthorized access, data loss and security exposures.

Despite the security concerns, YouGov found that 42% of respondents experienced up to 5% of instances of unauthorized access to SaaS applications and cloud infrastructure due to deprovisioning deficiencies of former workers. One fifth of the survey’s respondents had more than 10% of instances, while 17% didn’t know the extent of unauthorized access stemming from incomplete deprovisioning of employees and contractors

Furthermore, one third of medium and large organizations reported between 5%-10% of instances of unauthorized access to SaaS and cloud resources after employees or contractors left their company.

Once again, enterprises with fewer employees reported 37% higher instances of unauthorized access to SaaS applications and cloud infrastructure post worker departure, with the technology, healthcare and services sectors once again faring the worst for having large numbers of unauthorized access instances to SaaS and cloud resources by former workers.

In comments published alongside the report, Arthur Lozinski, CEO and co-founder of Oomnitza said that the pandemic and the Great Resignation placed a “huge strain on enterprise onboarding and offboarding processes,” to the point where automating them has become priority one for just about every company.

By conducting this research, Lozinski said not only would it help to quantify the amount of technology loss and risk due to inefficient processes, but it would also underscore the importance of taking a cohesive, holistic approach to fixing them.

http://www.computerworld.com/category/security/index.rss