Automated user provisioning is about more than efficiency. In fact, respondents to a Spiceworks survey predicted IT automation would be the most impactful technology trend in 2020. Automation, when it comes to user provisioning, is also about security, and IT organizations open themselves to errors and financial risks when they manually provision users.
4 Risks of Manual User Provisioning
1. More Opportunity for Error
If you’re manually provisioning a new user, you run the risk of giving them more access to organizational resources and data than they need to get their jobs done. You don’t, for example, want to grant every new hire in the engineering department write permissions for vital data or use a single ec2-user account for server access in AWS® just because it’s easier.
Instead, the best practice is to only grant users access to the resources they need to do their jobs well, which is easier to do with a standard workflow and other tools in place to guide the process. From a central cloud directory, IT admins ensure users have one authoritative identity that flows to permitted resources with a single click.
Beyond that, mistaken data entry (i.e. typos) leads to lost productivity for users and wasted time for the admins who have to correct the mistakes. The consequences might be less severe than those of mistaken access permissions, but automation mitigates both.
2. Reduced Visibility
If you manually provision new users to their resources, you likely don’t have visibility from a central console into who is accessing what within the organization. It will therefore be harder to detect shadow IT or pinpoint errors when troubleshooting.
Let’s say, for example, that a user has an unbound Mac® they use to access company data. An admin would struggle to monitor whether full disk encryption or other security configurations are enforced and couldn’t easily install patches or otherwise ensure the OS is up to date. They also might not have a comprehensive view of each SaaS app that users access and route company data through.
Manual user provisioning also leads to challenges in audits and in compliance with regulatory schemes because it’s less systematic and harder to document.
3. Miscalculated Licensing Fees
When manually provisioning, you run the risk of provisioning more users than needed for services that require licensing and charge by user count — or missing users during deprovisioning who remain on your balance sheet with unused accounts.
This is a financial challenge because you pay for more than you use, as well as a security challenge because users who’ve left the organization might still be able to access company data.
4. Manual User Deprovisioning
If you’re manually provisioning, then you’re also manually deprovisioning, which is arguably riskier than any of the above scenarios. Whether an employee quits or is fired, their accounts shouldn’t continue to act as a gateway to organizational networks.
Recent cases have garnered headlines in which ex-employees held G Suite™ credentials for ransom, used company social media accounts, and lowered hotel rates. The result isn’t always so nefarious but is nonetheless critical: lingering credentials and unneeded accounts represent organizational risks.
Being able to suspend user access to systems, apps, networks, and files instantaneously is a powerful security feature and an important requirement in achieving regulatory compliance across industries.
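The check behind risks 3 and 4, as an added example that is not part of the original article: it reconciles an HR roster against per-service account exports and reports accounts that outlived their owners, along with the paid seats they occupy. The roster, services, and addresses are constructed, and the code assumes a licensed seat is billed until the account is deleted.

```python
from dataclasses import dataclass

# Constructed HR roster: email -> employment status.
ROSTER = {
    "ana@example.com": "active",
    "raj@example.com": "active",
    "lee@example.com": "terminated",
}
# Constructed exports: service -> (billed per seat?, {email: account enabled?}).
SERVICES = {
    "mail": (True, {"ana@example.com": True, "raj@example.com": True, "lee@example.com": True}),
    "crm": (True, {"ana@example.com": True, "lee@example.com": False, "Temp@Example.com": True}),
    "wiki": (False, {"raj@example.com": True, "lee@example.com": True}),
}

@dataclass
class Finding:
    service: str
    email: str
    reason: str     # roster status, or "not_in_roster" for unknown owners
    enabled: bool   # True: the account can still sign in (security risk)
    licensed: bool  # True: the account occupies a paid seat (cost risk)

def audit(roster, services):
    """Return a Finding for every account whose owner is not an active employee."""
    status = {email.strip().lower(): s for email, s in roster.items()}
    findings = []
    for service, (licensed, accounts) in sorted(services.items()):
        for raw_email, enabled in sorted(accounts.items()):
            email = raw_email.strip().lower()  # case/whitespace typos must not hide a match
            state = status.get(email)
            if state == "active":
                continue
            reason = state if state is not None else "not_in_roster"
            findings.append(Finding(service, email, reason, enabled, licensed))
    return findings

def summarize(findings):
    """Split findings into still-usable accounts and a count of wasted paid seats."""
    live = [(f.service, f.email) for f in findings if f.enabled]
    wasted_seats = sum(1 for f in findings if f.licensed)
    return live, wasted_seats

if __name__ == "__main__":
    live, wasted_seats = summarize(audit(ROSTER, SERVICES))
    for service, email in live:
        print(f"still enabled: {email} on {service}")
    print(f"paid seats held by non-active users: {wasted_seats}")
```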