Bulk of Ex-Employees Retain Access to Corporate Apps: Survey

The assets of numerous organizations are at risk because their former employees continue to have access to sensitive corporate applications even after they leave the company, according to a report published Wednesday by cloud business applications provider Intermedia.

Rogue access is an issue that affects not only large enterprises, but also small and medium businesses, the 2014 SMB Rogue Access Study from Intermedia shows. A total of 89% of the roughly 380 knowledge workers who took part in a survey conducted by Osterman Research said they retained access to email, PayPal, Salesforce, SharePoint, Google Apps, Office 365 and social media accounts after they left their jobs. More precisely, 24% of users said they still have access to PayPal, 21% have access to Facebook and 18% have access to LinkedIn accounts they used while working for a previous company.

The study shows that 45% of ex-employees continued to have access to confidential or highly confidential data and, worryingly, close to half of the respondents admitted logging in to accounts after leaving the company.

“People want to work at home. They want files available when they’re travelling. But when a company puts this functionality into place in an organic, uncoordinated way, there are real risks they may not have considered,” commented Michael Osterman, president of Osterman Research. “This report provides direction for these companies to regain control over their cloud.”

According to Intermedia, 60% of the surveyed individuals said they were not asked for their cloud logins when they left their jobs. The problem, in many cases, can be both technical and procedural. For example, in many organizations, different departments are responsible for provisioning different apps – HR is responsible for payroll apps, IT for email, and department managers for business apps. Because of this, there is often no clear responsibility, which leads to rampant rogue access.

Nine out of ten people retain access to the file sharing services they used at their old jobs, and 68% of users are in the habit of storing work files in personal cloud storage. Furthermore, many employees use generally available services like SurveyMonkey and Google Apps to get work done. This new trend, known as Bring-Your-Own-Service/App, is good for productivity, but just like Bring-Your-Own-Device (BYOD), it creates security holes, the report points out.

Rogue access is dangerous because it can lead to loss or theft of sensitive data, regulatory compliance failures, data breaches, sabotage, and other problems. To address these issues, Intermedia recommends implementing a rigorous access management and IT offboarding process, using cloud storage services that are easy to use so that employees do not turn to solutions that can’t be controlled by the IT department, and using a single sign-on portal for managing and controlling access.

 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
