No matter how well your HR team recruits, some of those hires are going to leave. When they do, they leave behind gaping holes in your company’s security and data compliance measures, thanks to the massive rise in SaaS apps.
These holes create significant safety and compliance concerns that extend far beyond the IT department and HR team, especially now that compliance and data safety are under increasing scrutiny and legislative attention.
How can you manage the offboarding process to align with IT’s compliance challenges? First, we’ll look at the true scope of the problem, then take a look at a surprisingly simple solution for this massive problem.
Close to three out of four companies will be running solely on Software as a Service (SaaS) applications soon, managed on IaaS (infrastructure as a service) and PaaS (platform as a service), according to Gartner 2018 stats.
Source: Gartner (September 2018)
Gartner reports SaaS remains the largest segment of the cloud market, with revenue expected to grow 17.8 percent to reach $85.1 billion this year, with no foreseeable downturn.
This growth means growing headaches for HR and IT teams when someone leaves, notes Tal Bereznitskey, the CTO of SaaS management firm Torii.
“Properly managing users’ offboarding and shutting down the accounts of departing employees is one of the most tedious yet crucial tasks of the IT department,” he writes. “It includes figuring out what apps the employees have signed up for and used, what access permissions you must revoke and what company data resides in these apps and should be deleted and returned to the safety of the corporate infrastructure.”
Think it’s not that big a problem? Consider your own job. You might have access to dozens and dozens of SaaS apps like MailChimp, Hubspot, Salesforce, Slack, Dropbox, Zoom or myriad other skill-specific apps like Canva, Quickbooks, Twitter… you begin to see the scope of the challenge.
And then there’s the rise of BYOD (Bring Your Own Device), as workers become increasingly independent of the workplace and no longer rely on “the company computer” to be productive.
BYOD might sound like a win-win for workers and companies, writes Lilach Bullock in Forbes, but there are undeniable security risks that come with accessing company data and resources on private devices.
“The relationship between IT departments and BYOD is also subject to change as more employees use their own devices at work,” Bullock explains. “IT managers need to keep a close eye on employees and the devices they bring in to work in order to make sure the business is protected and that the employee isn’t violating any compliance issues.”
It’s probably happening already in your own company, as offboarded employees walk away with their devices and take access to your company’s apps with them.
Then consider all the contractors you’ve got working with you. When they leave, they aren’t usually part of your offboarding process at all, but they may have access to some critical company apps.
The reasons are complex. Favorable labor market conditions are fueling an atmosphere of job change. Job openings are high, unemployment is low… and workers are feeling empowered to seize new opportunities.
The result can be chaotic for HR and IT. But this holds true in reverse situations too, like during a recession, when layoffs rise. In a good economic climate or a troubling one, the rise of web apps and smartphones combined with high numbers of people leaving their jobs creates a double whammy for compliance.
The heart of the SaaS challenge lies in visibility – who uses what, where. And because SaaS is so easy to download and use, visibility is low and user control is weak.
“Many organizations do not have a broad cloud strategy,” writes Bob Violino in InfoWorld, “and this has led to a rise in business users acquiring SaaS applications on their own—without the knowledge of IT—to fill in gaps that exist.”
This leads to wasteful spending – app seats that are paid for and rarely used – and poor data management. It also adds an extra burden to IT and HR when it comes time to offboard.
By now you may be realizing the potential scope of this problem in your own company. The solution begins when you adapt your offboarding process to cover this new level of risk.
The first step? Consider using an offboarding checklist that starts with revoking system access from your company’s Identity Provider (IdP) and SSO, then walks through VPN, remote access, SaaS seats, email and financial considerations like credit cards.
Beyond the checklist, consider automating your employee offboarding to help you regain visibility and take back control. A SaaS management solution can wrangle and automate the seemingly never-ending process of deactivating app access. Working with IT, the HR team can determine what apps are absolutely critical to disable during the immediate offboarding, and what lower-impact apps can be deactivated by removing SSO or other system-wide access.
Then access can be limited or removed by employee, by group, or by disabling the app itself.
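The checklist order and the critical versus lower-impact triage described above can be expressed as a small planning script. This is an added example, not code from the article or from any SaaS management product; the record fields (`sso_only`, `critical`) and the inventory rows are constructed assumptions. It also shows the case where SSO removal does not end access: an app with its own login, or a user (such as a contractor) with no IdP account on record.

```python
from collections import namedtuple

# Order taken from the checklist in the text: IdP/SSO first, then VPN,
# remote access, SaaS seats, email, financial items such as credit cards.
CHECKLIST_ORDER = ["idp_sso", "vpn", "remote_access", "saas", "email", "finance"]

# Hypothetical inventory record: 'sso_only' means the account can only be
# reached through the company IdP; 'critical' is the HR/IT triage decision.
Access = namedtuple("Access", "user system category sso_only critical")

# Constructed sample data (app names from the article, attributes invented).
INVENTORY = [
    Access("jdoe", "Salesforce", "saas", False, True),
    Access("jdoe", "Corporate IdP", "idp_sso", False, True),
    Access("jdoe", "Canva", "saas", False, False),
    Access("jdoe", "Slack", "saas", True, False),
    Access("jdoe", "Company credit card", "finance", False, True),
    Access("jdoe", "VPN", "vpn", False, True),
    Access("asmith", "Dropbox", "saas", True, False),  # contractor, no IdP record
]

def offboarding_plan(user, inventory=INVENTORY):
    """Return (immediate, covered_by_sso, follow_up) lists of system names."""
    mine = sorted((a for a in inventory if a.user == user),
                  key=lambda a: CHECKLIST_ORDER.index(a.category))
    has_idp = any(a.category == "idp_sso" for a in mine)
    immediate, covered, follow_up = [], [], []
    for a in mine:
        if a.critical:
            immediate.append(a.system)   # revoke directly, in checklist order
        elif a.sso_only and has_idp:
            covered.append(a.system)     # access ends when the IdP account is disabled
        else:
            follow_up.append(a.system)   # own login or no IdP record: SSO removal is not enough
    return immediate, covered, follow_up

if __name__ == "__main__":
    now, sso, later = offboarding_plan("jdoe")
    print("Revoke immediately:", now)
    print("Ends with IdP removal:", sso)
    print("Needs manual deactivation:", later)
```

The `follow_up` list is the visibility gap the article describes: seats that stay active unless someone deactivates them individually.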
Clearly, this is not a problem to be addressed “someday down the line.” The combination of the massive uptake in SaaS use, the growing BYOD trend, and a highly fluid workforce opens a huge security gap in your enterprise, no matter the size.
Manage it by refining your offboarding process so you gain visibility and regain control over who’s using what, where.