Are Your Ex-Employees Logging into Your IT Systems?

Written by Rajat Bhargava on November 10, 2015

Don’t think they are? Think again. A study conducted last year by Intermedia reported that 49% of ex-employees admitted to logging into an account from a previous employer. Alarm bells should be going off for IT admins, and IT leaders should be breathing deeply to prevent a panic attack. Let’s all pause and take a deep breath while we contemplate these shocking findings. Half of your past employees are logging into your IT systems. They are previous employees, so why would they be logging in? Clearly they aren’t there to do work for your organization.

Understanding Dormant Accounts as a Security Threat

Not only is that activity illegal and wrong, it is downright scary. At some level this is no different than a security breach: it is unauthorized access to your systems. The problem is that most companies are unaware of this activity. Even where there is awareness, IT organizations need to be more aggressive about solving the core problem, which is to terminate access to corporate IT resources for any past employee.

As most auditors will tell you, they have uncovered dormant accounts on critical IT assets long after the person has departed. Not only is this a compliance issue, it is a major security threat. Those dormant accounts are unmanaged, and there is little, if any, awareness that they even exist. As a result, those accounts can be compromised. What Intermedia’s report suggests is even more significant: not only are “dormant” accounts still on systems, they are being accessed.

Security Methods Lacking  

Some organizations employ a two-fold solution to this security risk. The first step is to eliminate any accounts that aren’t needed. These could belong to previous employees or even to existing employees who have no need for access to that system. The second step is to monitor account access. If logins are occurring on systems or applications where they shouldn’t be, those events can often be spotted by reviewing the logs. The problem with both of these steps is that they are not easy to implement. Finding a system that will terminate access across an entire swath of IT resources has been difficult in the past. Capturing and analyzing logs from IT resources is also a significant challenge.
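The two steps described above can be sketched as a short script. This is an added example, not code from JumpCloud or the Intermedia study; the usernames, systems, dates, the key=value log format, and the rule that access ends at the close of the termination day are all constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample data: HR offboarding dates, a per-system account
# inventory (system, user, enabled), and login events in a made-up format.
OFFBOARDED = {"asmith": "2015-09-30", "bjones": "2015-10-15"}
INVENTORY = [
    ("vpn", "asmith", True),
    ("crm", "asmith", False),
    ("wiki", "bjones", True),
    ("vpn", "cdoe", True),  # current employee
]
LOG_LINES = [
    "2015-09-29T16:02:11Z system=vpn user=asmith result=success",
    "2015-10-20T23:41:05Z system=vpn user=asmith result=success",
    "2015-10-21T08:00:00Z system=crm user=asmith result=failure",
    "2015-10-22T09:15:30Z system=vpn user=cdoe result=success",
    "garbage line that does not parse",
]

def _cutoff(day):
    # Assumption: access should end at the close of the termination day (UTC).
    return datetime.strptime(day + "T23:59:59", "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def stale_accounts(inventory, offboarded):
    """Step 1: accounts still enabled for users who have left."""
    return sorted((s, u) for s, u, enabled in inventory if enabled and u in offboarded)

def parse_event(line):
    """Return (timestamp, fields), or None when the line does not match the format."""
    ts, _, rest = line.partition(" ")
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return (when, fields) if {"system", "user", "result"} <= fields.keys() else None

def post_termination_logins(lines, offboarded):
    """Step 2: login attempts (success or failure) made after the termination date."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue  # skip unparseable lines rather than aborting the review
        when, f = event
        day = offboarded.get(f["user"])
        if day and when > _cutoff(day):
            hits.append((f["user"], f["system"], f["result"], when.isoformat()))
    return hits

if __name__ == "__main__":
    print(stale_accounts(INVENTORY, OFFBOARDED))
    print(post_termination_logins(LOG_LINES, OFFBOARDED))
```

Failed attempts are reported alongside successes because a departed user probing a disabled account is still worth knowing about.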

Directory-as-a-Service Delivers the Solution

Many IT organizations have turned to Directory-as-a-Service solutions to solve this overarching problem. As a cloud-based directory service, the goal of DaaS is to control user access to systems, applications, and networks. Through a web-based interface, IT admins can quickly and easily provision or deprovision access to an entire infrastructure of IT resources. And, if all of your users and IT resources are inside of your Directory-as-a-Service solution, you can be sure that terminating access at the global level squashes any access at the local level. As a next step, auditing and logging information from Directory-as-a-Service can be reviewed to ensure that past employees aren’t accessing your systems. That’s the peace of mind that IT needs against a threat that should never exist, but does in a pretty significant way.

Drop us a note if you would like to discuss how JumpCloud can help protect you from having old accounts still active. It’s a core part of the problem that our platform solves.
