Why Not Terminating Former Employee Access Is An IT Risk

By Rajat Bhargava Posted December 21, 2015

Cloud-security

Departed employees pose a significant risk to an organization. Most organizations have poor off boarding processes, because terminating employees doesn’t happen that often. The problem, though, is that if employee access is not terminated everywhere, then a former employee can access your company’s data, applications, and systems whenever they want. A recent study shows that 89% of employees still have access to a previous employer’s credentials. 89%! That’s an astounding statistic for any IT organization.

Why do departed employees still have access to company resources?

Virtually 9 out of 10 of your previous employees can, with valid credentials, access your company’s network, because access was never revoked. Just because they can, will departed employees use their credentials? While the Intermedia study didn’t clarify that point, you can safely assume that former employees will access your company’s network after they depart.

While it’s  illegal for a former employee to access your systems, you shouldn’t rely on the law to protect you. In fact, former employee access  shouldn’t even be a problem. With JumpCloud, there is an easy solution for terminating employees access the day they walk out the door.

How do you overcome the challenge of controlling all user access?

The challenge for today’s IT organization is their wide-reaching infrastructure that’s both on-premise and in the cloud. Nowadays, a company’s systems are located on-premises in their own data center, or they are located at Amazon Web Services or Google Compute Engine, the leading two cloud-based infrastructure solutions.. What’s more, applications and data are similarly onsite or in the cloud. With new SaaS-based applications becoming the norm for many organizations, key applications are now outside of IT’s direct control. Data is now more mobile, available on phones, tablets, laptops, or in the cloud. Access to this data can be as simple as a Dropbox or Box account, or through Google Apps. Salesforce customer data or Xero financial data can also be easily accessed if the account is still live.

So, how can IT organizations control access to their disparate IT resources? If 89% of past employees still have access to an account, the issue is the systems and not bad intent on IT’s part. Difficult doesn’t begin to describe what IT encounters when controlling access across all services, devices, and applications.. That’s why Directory-as-a-Service (DaaS) is invaluable. JumpCloud plays a key  part in  user management by centralizing access.. With DaaS, IT can  universally provision and de-provision access across all their systems, at any given time. In fact, Directory-as-a-Service can control access to contractors and vendors, too.

To learn more about how Directory-as-a-Service can help control user access and ensure that past employees don’t have access to your company’s data after their departure, drop us a note. Or give JumpCloud a try – your first 10 users are free forever.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.

Recent Posts