How Automated Offboarding Can Keep Your SaaS Stack Safe

Amid ‘The Great Resignation,’ the damage from employees (or contractors) leaving an organization might be one of the most significant risks facing IT teams today. The latest research from Verizon’s 2021 Data Breach Investigations Report finds that insider threats are responsible for around 22% of security incidents and Cybersecurity Insiders find that approximately 98% of organizations feel vulnerable to insider threats.

When an employee leaves their role, it’s very uncommon to see an automated process for offboarding them from the organization’s environment. To the untrained eye, this might seem like a relatively simple task. Yet, as organizations move to software as a service (SaaS) models and continue to scale, the offboarding process becomes increasingly unmanageable and costly, especially as the number of users, devices, licenses and applications grows.

What happens is that IT and security teams lose track of who is coming and going, who requires permission to specific tools, who is authorized for access to a certain application and so much more. Next thing you know, an employee leaves a job, but their users’ access is left in place. This exposes organizations to unauthorized data access and a wide variety of associated risks.

Effective cybersecurity protection is directly tied to the number of users and identities that can access the organization’s systems. In addition, this also has an ROI aspect in which each license incorporates costs: the cost of securing the environment and the cost of the license itself. A simple way to reduce cost and mitigate risk is to deactivate users who no longer need access.

It Doesn’t End with Disablement

Offboarding doesn’t end when disabling or removing a user from an active directory or identity and access management platforms (IAM). Technically speaking, there are ways to automate offboarding using SCIM and JIT mapping protocols. However, it requires a high level of maturity in an IT environment and the staff to implement it.

For organizations not implementing SCIM or JIT, offboarded employees may still have local credentials on some of their regularly used SaaS platforms or other sensitive systems. There are a few best practices to keep in mind when it comes to taking old users off systems, otherwise known as deprovisioning.

  • Communication: IT teams must work with human resources and other internal groups to keep an up-to-date record of all users with access to company systems. To be truly effective, businesses should establish a communication channel to keep the security team abreast of any events impacting user inventory – from new hires and promotions to terminations.
  • Clarity: In addition to keeping track of intended system users, IT teams require user discovery capabilities that account for the full breadth of systems each person may be accessing, including those in legacy environments, like on-premises systems, and in the mushrooming cloud environment.
  • Control: IT teams need to develop onboarding and offboarding protocols that account for the full extent of privileged employee computing access. Without the communication and clarity provided by a thorough inventory of users, systems and access, security teams will find a gaping information hole to which old employees might retain access.

SSPM is Crucial to Offboarding

When businesses run nearly every facet of their operations using a wide array of interconnected cloud services, many have yet to update the way they monitor their business-critical apps. To deprovision effectively, businesses must be able to monitor the day-to-day changes occurring within their organization.

As a solution, security teams should introduce a SaaS security posture management (SSPM) solution that will alert them to inactive users and act upon revoking their users immediately.

An SSPM provides proactive, continuous and automated monitoring capabilities, delivering clear visibility into the entire SaaS ecosystem, and sends detailed, timely alerts at the first sign of a security glitch or misconfiguration.

When deprovisioning these accounts, orchestration tools give security teams an easy way to integrate security capabilities into an automated deprovisioning workflow. This vastly simplifies the process, reducing the amount of time it takes to fully deprovision users and ensuring that no accounts are left active. As a result, no matter how an organization’s workforce changes, they have a built-in approach to offboarding that will help keep their SaaS stack safe.

What’s Hot on Infosecurity Magazine?