Security Experts:

Bulk of Ex-Employees Retain Access to Corporate Apps: Survey

The assets of numerous organizations are at risk because their former employees continue to have access to sensitive corporate applications even after they leave the company, according to a report published Wednesday by cloud business applications provider Intermedia.

Rogue access is an issue that affects not only large enterprises, but also small and medium businesses, the 2014 SMB Rogue Access Study from Intermedia shows. A total of 89% of the roughly 380 knowledge workers that took part in a survey conducted by Osterman Research said they retained access to email, PayPal, Salesforce, SharePoint, Google Apps, Office 365 and social media accounts after they left their jobs. More precisely, 24% of users said they still have access to PayPal, 21% have access to Facebook and 18% have access to LinkedIn accounts they used while working for a previous company.

 The study shows that 45% of ex-employees continued having access to confidential or highly confidential data and, worryingly, close to half of the respondents admitted logging in to accounts after leaving the company.

"People want to work at home. They want files available when they're travelling. But when a company puts this functionality into place in an organic, uncoordinated way, there are real risks they may not have considered," commented Michael Osterman, president of Osterman Research. "This report provides direction for these companies to regain control over their cloud."

According to Intermedia, 60% of the surveyed individuals said they were not asked for their cloud logins when they left their jobs. The problem, in many cases, can be both technical and procedural. For example, in many organizations, different departments are responsible for provisioning different apps - HR is responsible for payroll apps, IT for email, and department managers for business apps. Because of this, there is often no clear responsibility, which leads to rampant rogue access.

Nine of ten people retain access to the file sharing services they used at their old jobs, and 68% of users are in the habit of storing work files in personal cloud storage. Furthermore, many employees use generally available services like SurveyMoney and Google Apps to get work done. This new trend, known as Bring-Your-Own-Service/App, is good for productivity, but just like Bring-Your-Own-Device (BYOD), it creates security holes, the report points out.

Rogue access is dangerous because it can lead to loss or theft of sensitive data, regulatory compliance failures, data breaches, sabotage, and other problems. To address these issues, Intermedia recommends implementing a rigorous access management and IT offboarding process, the use of cloud storage services that are easy to use to prevent employees from turning to solutions that can't be controlled by the IT department, and the use of a single sign-on portal for managing and controlling access.


view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.