Securing boarding in the spotlight as tech layoffs rise


Increased turnover puts a strain on existing offshoring processes — especially manual ones — for departing employees and contractors. Recent high-profile layoffs at major tech companies have highlighted this problem.

Meanwhile, efforts to limit access to sensitive corporate information are becoming more complex as data access points multiply.

The rise of distributed workforces, cloud computing, working from home and shadow computing suggests that a comprehensive offshoring policy is needed, aided by automation.

A recent survey by Oomnitza, however, revealed that almost half of IT managers have doubts about their company’s integration and disintegration automation capabilities.

The study found that a third of companies lost more than 10% of their technology assets when offshoring workers, and more than four in 10 (42%) said they had experienced unauthorized access to SaaS applications and cloud resources.

Deployment of ETM to harden devices and applications

Ramin Ettehad, co-founder of Oomnitza, explains that enterprise technology management (ETM) solutions, with built-in integrations, rich analytics and simplified workflows, enable organizations to define and improve in permanently the processes of integration and disintegration.

“They can strengthen the onboarding user experience by ensuring the right devices, accessories, apps and cloud resources are available from the start so the new hire can be productive from day one,” he said. declared.

These solutions can also enable secure offshoring by ensuring endpoints and their data are secure, software licenses are reclaimed, and access to systems, SaaS, and cloud resources is deprovisioned.

Additionally, departing workers’ emails, apps, and workplaces can be automatically reassigned to ensure business continuity.

“All of this is achieved with true process automation across teams and systems, and is not driven by tickets and requests, which rely on manual workloads and are prone to delays and errors,” adds Ettehad.

Cyberhaven CEO Howard Ting explains that most organizations today have a single sign-on product that can disable an employee’s access to all applications with a single click and device that can remotely lock and wipe a laptop.

“While many companies today disable access as soon as they notify employees they are being laid off, or even before, people can sense what is coming and they preemptively collect customer lists, design files and source code in anticipation of loss of access,” he adds.

When an employee voluntarily resigns, companies have even fewer tools to prevent data exfiltration because the employee knows they are going to leave before their employer.

While many organizations are monitoring employees more closely from their resignation notice until their last day, a Cyberhaven survey found that employees are 83% more likely to take sensitive data in the two weeks before their notice when they are less monitored.

Coordination of relocation programs

According to Ting, the best employee relocation programs are coordinated between HR, IT, IT security, and physical security teams working together to protect company data and assets.

The HR team finalizes departures and notifies employees, the IT department ensures that access to company applications and laptops are closed in a timely manner, the physical security team deactivates access to facilities of the company and the IT security team monitors unusual behavior.

“These teams perform specific tasks in order on the day an employee or group of employees is laid off,” he says.

Ting adds that he also sees more and more companies monitoring employees who put company data on personal devices or apps. Upon departure, they make the employee’s departure agreement conditional on the return or destruction of company data.

Ettehad adds that managing and enabling a remote workforce today requires leaders to break down silos and automate key technology business processes.

“They need to connect their key systems and orchestrate rules, policies, and workflows across the technology and employee lifecycle with rule-based, conditional automation of all tasks across teams and systems. “, he says.

The need for a “controlled emergency”

Tom McAndrew, CEO of Coalfire, calls for a “controlled emergency” to meet the challenge of safe offboarding.

“When we look at identity management more broadly, it can often be a complex issue, spanning many applications, internal, external, SaaS, on-premises, etc.,” he says. “Identity strategy is the focal point. The fewer identity and access control sources there are to manage, the more automation can support these large-scale operations.”

He argues that when HR and information security aren’t working as a team, it’s easy to see platforms spinning to solve point solutions rather than looking at “what if” scenarios.

“Every system that is not integrated with a central identity platform becomes just another manual task or another tool to invest in to solve a problem that could have been avoided with careful planning,” says- he.

McAndrew adds that a dishonest employee with authorized access to critical and sensitive information poses a significant threat.

“When you look at the potential risk of a disgruntled member of staff, combined with an HR team struggling to manage a substantial scale of departures, it’s easy to make mistakes and for frustrated or disgruntled staff to take matters into their own hands. in hand,” he says.

He warns that it can also lead to legal complications, often requiring additional professional forensic support, making a bad business decision even more costly.

Unauthorized Access to SaaS, Cloud Apps a Major Challenge

Corey O’Connor, chief product officer at DoControl, an automated SaaS security provider, points out that unauthorized access to SaaS applications and cloud resources is an identity security issue for both human and machine identities.

“However, preventive controls and detection mechanisms could help mitigate the risk of unauthorized access,” he explains.

This means that having full visibility and a complete inventory (i.e. users, assets, applications, groups and domains) will allow security and IT teams to put in place the appropriate preventive controls. .

“From there, implementing detection mechanisms that identify high-risk or abnormal activity” is the next step, he says.

Application-to-application connectivity, including machine identity, must also be secure; otherwise, the organization increases the risk of supply chain-based attacks.

“Machine identities can be overprivileged, unauthorized, and out of sight of the security team,” he says. “When compromised, they can provide unauthorized access to sensitive data in the application they are connected to.”

This means that human and machine user identities require preventative controls and detection mechanisms to reduce risk.

Detect exfiltration, manage apps

Davis McCarthy, senior security researcher at Valtix, a cloud-native network security services provider, says that post-pandemic, many organizations have increased their use of various cloud and SaaS platforms.

“Because different departments use different applications and some people integrate interim solutions, IT departments have found themselves drowning in the white noise of XaaS, with no standard way to manage it,” he says.

While IT administrators usually lock the company email account when relocating, former employees may still gain access to unknown services containing sensitive data.

“Leaving aside the idea of ​​an insider threat, if one of these unknown services is hacked and requires a password change, no one can know to take action,” he warns.

McCarthy says network defenders need to determine where sensitive data is stored and develop ways to detect exfiltration.

“Deploying an outbound filtering solution limits how a threat can exfiltrate data, while providing the visibility needed to verify that it hasn’t occurred,” he says. “The impact of stolen data varies by industry, but most data breaches result in fines and loss of customer trust.”

He adds that while IT security teams get bogged down in managing all the SaaS applications an organization uses, having too many of their own tools is also a burden.

“Deploying scalable multi-cloud management tools that consolidate policy visibility and enforcement reduces their operational overhead,” says McCarthy.


Comments are closed.