The assets of numerous organizations are at risk because their former employees continue to have access to sensitive corporate applications even after they leave the company, according to a report published Wednesday by cloud business applications provider Intermedia.
Rogue access is an issue that affects not only large enterprises, but also small and medium businesses, the 2014 SMB Rogue Access Study from Intermedia shows. A total of 89% of the roughly 380 knowledge workers who took part in a survey conducted by Osterman Research said they retained access to email, PayPal, Salesforce, SharePoint, Google Apps, Office 365 and social media accounts after they left their jobs. More precisely, 24% of users said they still have access to PayPal, 21% have access to Facebook and 18% have access to LinkedIn accounts they used while working for a previous company.
The study shows that 45% of ex-employees continued to have access to confidential or highly confidential data and, worryingly, close to half of the respondents admitted logging in to accounts after leaving the company.
“People want to work at home. They want files available when they’re travelling. But when a company puts this functionality into place in an organic, uncoordinated way, there are real risks they may not have considered,” commented Michael Osterman, president of Osterman Research. “This report provides direction for these companies to regain control over their cloud.”
According to Intermedia, 60% of the surveyed individuals said they were not asked for their cloud logins when they left their jobs. The problem, in many cases, can be both technical and procedural. For example, in many organizations, different departments are responsible for provisioning different apps – HR is responsible for payroll apps, IT for email, and department managers for business apps. Because of this, there is often no clear responsibility, which leads to rampant rogue access.
Nine of ten people retain access to the file sharing services they used at their old jobs, and 68% of users are in the habit of storing work files in personal cloud storage. Furthermore, many employees use generally available services like SurveyMonkey and Google Apps to get work done. This new trend, known as Bring-Your-Own-Service/App, is good for productivity, but just like Bring-Your-Own-Device (BYOD), it creates security holes, the report points out.
Rogue access is dangerous because it can lead to loss or theft of sensitive data, regulatory compliance failures, data breaches, sabotage, and other problems. To address these issues, Intermedia recommends three measures: implementing a rigorous access management and IT offboarding process; using cloud storage services that are easy to use, so that employees do not turn to solutions that can’t be controlled by the IT department; and using a single sign-on portal for managing and controlling access.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
