Secure Offboarding in the Spotlight as Tech Layoffs Mount

A secure-by-design culture is needed to develop a comprehensive offboarding and identity management strategy that limits potential for broader compromise in case of unauthorized access.

Increased turnover is putting a strain on existing offboarding processes — especially manual ones — for departing employees and contractors. Recent high-profile layoffs at major tech companies have
put the spotlight
on this issue.
Meanwhile, efforts to limit access to sensitive company information are growing more complex as data access points multiply.
The rise of distributed workforces, cloud computing, work from home, and shadow IT suggest a comprehensive offboarding policy is required, aided by automation.
A recent
survey
from Oomnitza found, however, that nearly half of IT leaders have doubts about their companys onboarding and offboarding automation capabilities.
The study found a third of enterprises lose more than 10% of their technology assets when offboarding workers, and more than four in 10 (42%) said they experienced unauthorized access to SaaS applications and cloud resources.
Ramin Ettehad, co-founder of Oomnitza, explains that enterprise technology management (ETM) solutions, with built-in integrations, rich analytics, and simplified workflows, allow organizations to define and continuously improve onboarding and offboarding processes.
They can fortify onboarding user experience by ensuring the right endpoints, accessories, applications, and cloud resources are available at the start so that the new hire can be productive on day one, he says.
These solutions can also enable secure offboarding by ensuring endpoints and their data are secured, software licenses are reclaimed, and access to systems, SaaS, and cloud resources are deprovisioned.
Furthermore, departing workers email, applications, and workplaces can be reassigned automatically to ensure business continuity.
All of this is done with true process automation across teams and systems, and is not driven by tickets and requests, which rely on manual workloads and are prone to delays and errors, Ettehad adds.
Cyberhaven CEO Howard Ting explains that most organizations today have a single sign-on product that can turn off an employees access to all apps with one click and device software that can lock and remotely wipe a laptop.
While many companies today turn off access as soon as, or even before, they notify employees theyre being let go, people can sense whats coming and they preemptively collect customer lists, design files, and source code in anticipation of losing access, he adds.
When an employee voluntarily quits, companies have even fewer tools to prevent data exfiltration because the employee knows theyre going to depart before their employer.
While many organizations more closely monitor employees from when they give notice to quit until their last day, a Cyberhaven
survey
found employees are 83% more likely to take sensitive data in the two weeks before they give notice when theyre under less scrutiny.
Ting says the best employee offboarding programs are coordinated across HR, IT, IT security, and physical security teams working together to protect company data and assets.
The HR team finalizes departures and notifies employees, IT ensures access to apps and company laptops is shut off in a timely manner, the physical security team disables access to company facilities, and the IT security team monitors for unusual behavior.
These teams perform specific tasks in sequence the day an employee or group of employees is let go, he says.
Ting adds hes also seeing more companies monitor for employees putting company data on personal devices or applications. When offboarding, they make the employees severance agreement contingent on returning or destroying that company data.
Ettehad adds managing and enabling a remote workforce today requires executives to break down silos and automate key technology business processes.
They must connect their key systems and orchestrate rules, policies, and workflows across the technology and employee lifecycle with conditional rule-based automation of all tasks across teams and systems, he says.
Tom McAndrew, CEO at Coalfire, calls for controlled urgency to tackle the secure offboarding challenge.
When we look at identity management more broadly, it can often be a complex problem, spanning many applications, internal, external, SaaS, on-prem, and so on, he says. The identity strategy is the central point. The fewer sources of identity and access control there are to manage, the more automation can support these operations at scale.
He argues that when HR and information security are not operating as a team, its easy to see platforms spinning to solve point solutions rather than looking at the what-if scenarios.
Every system that is not integrated with a core identity platform becomes one more manual task or another tool that needs to be invested in to solve a problem that could have been avoided with sensible planning, he says.
McAndrew adds that a rogue employee with authorized access to critical, sensitive information is a significant threat.
When you look at the potential risk from a disgruntled staff member, combined with an HR team struggling to manage a substantial scale of departures, its easy for mistakes to be made and for frustrated or disaffected staff to take matters into their own hands, he says.
He warns that this can also trigger legal complications, often requiring further professional forensic support, making a poor business decision even more costly.
Corey OConnor, director of products at DoControl, a provider of automated SaaS security, points out that unauthorized access to SaaS applications and cloud resources is an identity security problem for both human and machine identities.
However, preventative controls and detective mechanisms could help mitigate the risk of unauthorized access, he explains.
This means having full visibility and a complete inventory (i.e., users, assets, applications, groups, and domains) will enable security and IT teams to put in place the appropriate preventative controls.
From there, implementing detective mechanisms that identify high-risk or anomalous activity is the next step, he says.
Application-to-application connectivity, including machine identity, needs to be secure as well; otherwise the organization increases the risk of supply chain based attacks.
Machine identities can be over privileged, unsanctioned, and not within the security teams visibility, he says. When they become compromised, they can provide unauthorized access to sensitive data within the application that its connected to.
That means both human user and machine identities need preventative controls and detective mechanisms to reduce risk.
Davis McCarthy, principal security researcher at Valtix, a provider of cloud-native network security services, says that post-pandemic, many organizations increased their utilization of various cloud and SaaS platforms.
Because different departments use different applications, and some individuals integrate with interim solutions, IT departments found themselves drowning in the white noise of XaaS, with no standard way of managing it, he says.
While IT admins generally lock down the corporate email account during offboarding, ex-employees may still have access to unknown services that contain sensitive data.
Putting the idea of an insider threat aside, if one of those unknown services is hacked and needs the password changed, no one may know to take action, he warns.
McCarthy says network defenders need to determine where sensitive data is stored and develop ways to detect exfiltration.
Deploying an egress filtering solution limits how a threat can exfiltrate data, while also providing the needed visibility to verify it has not occurred, he says. The impact of stolen data varies from industry to industry, but most data breaches result in monetary fines and loss of customer confidence.
He adds that if IT security teams are bogged down with managing all the SaaS applications an organization uses, having too many of their own tools is also a burden.
Deploying scalable, multi-cloud management tools that consolidate visibility and policy enforcement reduces their operational overhead, McCarthy says.

Last News
▸ NSA evaluates IT access control limits ◂ Discovered: 26/12/2024 Category: security	▸ Insights from Prism: 8 Key Metadata Points ◂ Discovered: 26/12/2024 Category: security	▸ Survey finds customers expect to be asked and compensated for personal data use. ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Secure Offboarding in the Spotlight as Tech Layoffs Mount