SecurityWeek

Data Protection

Bulk of Ex-Employees Retain Access to Corporate Apps: Survey

The assets of numerous organizations are at risk because their former employees continue to have access to sensitive corporate applications even after they leave the company, according to a report published Wednesday by cloud business applications provider Intermedia.

Rogue access is an issue that affects not only large enterprises, but also small and medium businesses, the 2014 SMB Rogue Access Study from Intermedia shows. A total of 89% of the roughly 380 knowledge workers who took part in a survey conducted by Osterman Research said they retained access to email, PayPal, Salesforce, SharePoint, Google Apps, Office 365 and social media accounts after they left their jobs. More precisely, 24% of users said they still have access to PayPal, 21% have access to Facebook and 18% have access to LinkedIn accounts they used while working for a previous company.

The study shows that 45% of ex-employees continued to have access to confidential or highly confidential data and, worryingly, close to half of the respondents admitted logging in to accounts after leaving the company.

“People want to work at home. They want files available when they’re travelling. But when a company puts this functionality into place in an organic, uncoordinated way, there are real risks they may not have considered,” commented Michael Osterman, president of Osterman Research. “This report provides direction for these companies to regain control over their cloud.”

According to Intermedia, 60% of the surveyed individuals said they were not asked for their cloud logins when they left their jobs. The problem, in many cases, can be both technical and procedural. For example, in many organizations, different departments are responsible for provisioning different apps – HR is responsible for payroll apps, IT for email, and department managers for business apps. Because of this, there is often no clear responsibility, which leads to rampant rogue access.

Nine of ten people retain access to the file sharing services they used at their old jobs, and 68% of users are in the habit of storing work files in personal cloud storage. Furthermore, many employees use generally available services like SurveyMonkey and Google Apps to get work done. This new trend, known as Bring-Your-Own-Service/App, is good for productivity, but just like Bring-Your-Own-Device (BYOD), it creates security holes, the report points out.

Rogue access is dangerous because it can lead to loss or theft of sensitive data, regulatory compliance failures, data breaches, sabotage, and other problems. To address these issues, Intermedia recommends implementing a rigorous access management and IT offboarding process, using cloud storage services that are easy enough to use that employees do not turn to solutions that can’t be controlled by the IT department, and using a single sign-on portal for managing and controlling access.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
