Employees are a constant insider risk — they can expose, leak, or steal data from the organization at any moment with their existing access. Because of this, IT professionals have a common mandate to mitigate insider risk.
According to a survey published by Beyond Identity:
83% of respondents continued accessing accounts from their previous employer after leaving the company.
56% of respondents said they had used their continued digital access to harm their former employer.
24% of respondents admitted to intentionally keeping a password after leaving the company.
74% of employers have been negatively impacted by an employee breaching their digital security.
With the average annual cost of insider threats now at $15.4 million USD, companies want to know how to prevent insider threats during offboarding. This year’s Great Resignation and Great Layoff highlight offboarding as the point in the employee lifecycle where the risk to the employer is highest and the departing employee’s security hygiene is lowest.
This blog post will explore the following:
The Current State of Security Concerns in Offboarding
Why Simplify Offboarding
Minimizing Security Lag When Offboarding
The event of an employee leaving the company prompts the HR and IT teams to work together in phasing out the employee’s access to the company’s systems. Each company may have different offboarding processes but best practices consist of two recurring themes:
returning physical items such as devices, access cards, and key fobs, and
expiring digital keys, certificates, and credentials.
These steps keep a departing employee from sabotaging systems or acting on a rash decision. Whatever is reclaimed in the physical world must also be revoked in the digital one.
The problem lies in the lag between the corporate decision and the HRIS update that should trigger revocation. Compliant employees are rarely a problem, but not all offboarding involves compliant employees or contractors; some bear a grudge against their former employer. In either case, best practice is to limit access by retrieving physical items and expiring credentials (for example, access keys) as soon as possible.
There is no reason to allow an employee continued access to a company’s network and systems once they are no longer on the payroll. Any access that outlives the employment is a potential breach or exploit. The earliest moment a company knows that a user’s incentives are no longer aligned with its own is the moment its systems should begin limiting that user’s privileges.
A good example is Block’s recent data breach as a result of an ex-employee using their access credentials to download sensitive data. This resulted in Block “contacting approximately 8.2 million current and former customers to inform them about the incident, as well as applicable regulatory authorities and law enforcement.”
Even more currently, consider the process Coinbase is using as they cut 18% of their workforce:
Affected employees received a notification from human resources, sent to a personal email address because Coinbase had already cut off their access to company systems. Armstrong called it the “only practical choice” given the number of employees with access to customer information, and a way to “ensure not even a single person made a rash decision that harmed the business or themselves.”
While we have no direct insight into Coinbase’s exact process for notifying terminated employees and cutting off access, it is surely a complex series of moving parts that requires the HR and IT teams to communicate continuously. This often manual but always necessary process adds operational overhead and increases the probability of human error.
Few automated processes exist for cutting off access, and those that do rarely go beyond checking whether an employee’s status is “terminated”, which does not reflect the many nuanced situations organizations face every day. Employees have various contextual states, such as vacation or administrative leave, that should be taken into account when their accounts request access.
In the era of normalized remote work, infrastructure and access systems should be automated to take external sources of context into account for access decisions. Companies that fail to automate and simplify critical aspects of their offboarding process run the risk of negligent or malicious insider attacks.
This brings us to the next point: How can a company ensure the offboarding process is a smooth deprovisioning of access?
All access and privileges an employee has should be revoked or limited the moment the company’s HR systems update the employee’s status. Even better, the system should have a status for employees that are transitioning out, giving them just enough access to participate in the transitioning phase where knowledge and procedures can be passed on but not enough to cause security breaches. There should be no lag time between an employment termination and the expiration of that employee’s keys and credentials.
The company should have full confidence that the ex-employee retains no prior access by the time their HR status is updated to “no longer working at the company.” Any company that cannot verify this with confidence may have an infrastructure rife with security gaps.
Companies can improve upon their offboarding process through leveraging their HR data in their access policy decisions. Incorporating external data sources when making access policy decisions allows the organization to validate a user’s keys and credentials against that user’s current employment status for access decisions. We call this use of external data sources “context-aware access.”
Human resource information systems (HRIS) are a strong use case for incorporating contextual data into access decisions. A properly configured context-aware gateway can integrate data sources such as:
Group memberships
Role
Employment status
Out-of-office status
Physical or network location
and more, depending on the organization’s needs
Here’s an example of this in action: An internal account tries to access the organization’s network while the account holder’s HRIS status indicates they are on vacation. Depending on the context of the access request, the system might grant access to non-sensitive data while denying access to sensitive systems.
The result: if the request came from a bad actor using the vacationing employee’s credentials, the sensitive systems stay protected; if it came from the employee, they can still reach non-sensitive resources without losing productivity. No manual action is required from HR or IT, which removes a source of human error.
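The following Go program is an added illustration of the decision logic described in the vacation scenario above and in the earlier transitioning-employee scenario; it is not Pomerium’s own code or configuration and was not part of the original post. It assumes four HR statuses (active, transitioning, on leave, terminated), two resource attributes (sensitive, handover), and a small set of constructed people and resources; all of these are assumptions for the example. Every request is evaluated against the live HR record, so a status change in the HRIS is enforced on the very next request, and a session minted before the change is refused outright rather than trusted until its token expires.

```go
package main

import (
	"fmt"
	"time"
)

// HR statuses an HRIS might report. The set is an assumption for this example.
const (
	StatusActive        = "active"
	StatusTransitioning = "transitioning" // handover period before exit
	StatusOnLeave       = "on_leave"      // vacation or administrative leave
	StatusTerminated    = "terminated"
)

// HRRecord is the HRIS context the gateway consults on every request.
type HRRecord struct {
	Status          string
	Groups          map[string]bool
	StatusChangedAt time.Time // when HR last changed Status
}

// Resource describes an upstream behind the gateway.
type Resource struct {
	Name         string
	Sensitive    bool   // customer data, production consoles, and the like
	Handover     bool   // needed to pass on knowledge (wiki, tickets)
	AllowedGroup string // role requirement on top of HR context; "" means any
}

// Decide authorizes an already-authenticated identity (email) for a resource and
// returns the verdict with a reason for the audit log. Because it runs on every
// request against live HR data, a status change takes effect at once, even while
// the session token is still cryptographically valid.
func Decide(email string, res Resource, sessionIssuedAt time.Time, hr map[string]HRRecord) (bool, string) {
	rec, ok := hr[email]
	if !ok {
		return false, "no HRIS record for identity"
	}
	if rec.Status == StatusTerminated {
		return false, "employment terminated"
	}
	// Sessions minted before the latest status change must be re-established.
	if sessionIssuedAt.Before(rec.StatusChangedAt) {
		return false, "session predates HR status change; re-authenticate"
	}
	switch rec.Status {
	case StatusActive: // full role-based access, checked below
	case StatusOnLeave:
		if res.Sensitive {
			return false, "on leave: sensitive resources denied"
		}
	case StatusTransitioning:
		if !res.Handover {
			return false, "transitioning: only handover resources allowed"
		}
	default:
		return false, "unrecognised HR status: " + rec.Status
	}
	if res.AllowedGroup != "" && !rec.Groups[res.AllowedGroup] {
		return false, "not in group " + res.AllowedGroup
	}
	return true, "allowed"
}

// Constructed sample data, not real people or systems.
var (
	wiki   = Resource{Name: "wiki", Handover: true}
	prodDB = Resource{Name: "prod-db", Sensitive: true, AllowedGroup: "eng"}
	ledger = Resource{Name: "ledger", Sensitive: true, AllowedGroup: "finance"}
	before = time.Date(2022, 2, 28, 0, 0, 0, 0, time.UTC) // session minted before HR update
	after  = time.Date(2022, 3, 2, 0, 0, 0, 0, time.UTC)  // session minted after HR update
)

func SampleHR() map[string]HRRecord {
	jan := time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC)
	mar := time.Date(2022, 3, 1, 9, 0, 0, 0, time.UTC)
	eng := map[string]bool{"eng": true}
	return map[string]HRRecord{
		"alice@example.com": {StatusActive, eng, jan},
		"bob@example.com":   {StatusTerminated, eng, mar},
		"carol@example.com": {StatusOnLeave, eng, mar},
		"dave@example.com":  {StatusTransitioning, eng, mar},
	}
}

func main() {
	hr := SampleHR()
	for _, email := range []string{"alice@example.com", "bob@example.com", "carol@example.com", "dave@example.com"} {
		for _, res := range []Resource{wiki, prodDB} {
			ok, why := Decide(email, res, after, hr)
			fmt.Printf("%-18s %-8s allow=%-5t %s\n", email, res.Name, ok, why)
		}
	}
	// A session minted before the HR update is refused even for an allowed resource.
	ok, why := Decide("dave@example.com", wiki, before, hr)
	fmt.Printf("%-18s %-8s allow=%-5t %s\n", "dave@example.com", wiki.Name, ok, why)
}
```

Two design choices matter here. First, the terminated check comes before every other rule, so no token lifetime, group membership, or resource attribute can override it. Second, comparing the session’s issue time with the HR record’s last change time closes the window in which a long-lived session outlives the HR update: the user is forced back through authentication so the new context is bound to a fresh session. In a deployment the HR lookup would be a cached feed with an explicit freshness bound, and a stale or unreachable feed should fail closed for sensitive resources.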
As companies struggle with the aftermath of data breaches, ransomware, and malicious insider attacks, prevention has always proved to be more effective than dealing with the aftermath. Pomerium’s v0.18 release makes Pomerium the only reverse proxy to feature support for context-aware access, an integral component of zero trust architecture. Context-aware access is increasingly necessary as the workforce shifts to remote-work and organizations open their internal infrastructure up to the dangers of the internet.
Pomerium is the top choice for companies looking for an open-source context-aware access gateway to manage secure, identity-aware access to applications and services. Our customers depend on us to secure zero trust, clientless access to their web applications everyday.
Check out our open-source Github Repository or give Pomerium a try today!