– Brian Cleary, vice president of products and marketing at Aveksa (www.aveksa.com), says:
Why do former company employees still have access to proprietary data and organizational information after they’ve left the job?
Many organizations lack the enterprise-wide visibility into the access that users have and don’t have a governance control framework in place that can manage access related change events such as a termination with a “leaver” control. If an organization has weak manual controls, and no access change remediation/validation process, access to sensitive corporate information can remain after a person leaves and organization. This is especially true with applications that have web interfaces or live outside the firewall.
Why should data center/IT managers be concerned about access management in light of the current rate of layoffs/job cuts, etc?
Information access related risk goes up during a workforce reduction. At the scale that some organizations have had to de-provision users, a lack of automation has made it nearly impossible to revoke access in a timely fashion.
What can data center/IT managers at small to midsized enterprises do to make sure they have access management under control in their enterprises?
Implement a strong access governance framework that leverages a role-based approach for access deliver. This will ensure that access to information resources is appropriate for a particular functional or process role and provides a preventative control point that can be applied at the point of requesting access or making a change to access.