The assets of numerous organizations are at risk because their former employees continue to have access to sensitive corporate applications even after they leave the company, according to a report published Wednesday by cloud business applications provider Intermedia.
Rogue access is an issue that affects not only large enterprises, but also small and medium businesses, the 2014 SMB Rogue Access Study from Intermedia shows. A total of 89% of the roughly 380 knowledge workers who took part in a survey conducted by Osterman Research said they retained access to email, PayPal, Salesforce, SharePoint, Google Apps, Office 365 and social media accounts after they left their jobs. More precisely, 24% of users said they still have access to PayPal, 21% have access to Facebook and 18% have access to LinkedIn accounts they used while working for a previous company.
The study shows that 45% of ex-employees continued having access to confidential or highly confidential data and, worryingly, close to half of the respondents admitted logging in to accounts after leaving the company.
“People want to work at home. They want files available when they’re travelling. But when a company puts this functionality into place in an organic, uncoordinated way, there are real risks they may not have considered,” commented Michael Osterman, president of Osterman Research. “This report provides direction for these companies to regain control over their cloud.”
According to Intermedia, 60% of the surveyed individuals said they were not asked for their cloud logins when they left their jobs. The problem, in many cases, can be both technical and procedural. For example, in many organizations, different departments are responsible for provisioning different apps – HR is responsible for payroll apps, IT for email, and department managers for business apps. Because of this, there is often no clear responsibility, which leads to rampant rogue access.
Nine of ten people retain access to the file sharing services they used at their old jobs, and 68% of users are in the habit of storing work files in personal cloud storage. Furthermore, many employees use generally available services like SurveyMonkey and Google Apps to get work done. This new trend, known as Bring-Your-Own-Service/App, is good for productivity, but just like Bring-Your-Own-Device (BYOD), it creates security holes, the report points out.
Rogue access is dangerous because it can lead to loss or theft of sensitive data, regulatory compliance failures, data breaches, sabotage, and other problems. To address these issues, Intermedia recommends implementing a rigorous access management and IT offboarding process, using cloud storage services that are easy enough to use that employees do not turn to solutions the IT department can’t control, and using a single sign-on portal to manage and control access.

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
