Preventing Rogue Access



Similar documents
FileCloud Security FAQ

Advanced Configuration Steps

Mod 2: User Management

Quick Start Guide Sendio Hosted

Centrify Cloud Connector Deployment Guide

Take Control of Identities & Data Loss. Vipul Kumra

WHITE PAPER SPON. Do Ex-Employees Still Have Access to Your Corporate Data? Published August 2014 SPONSORED BY. An Osterman Research White Paper

The Top 5 Federated Single Sign-On Scenarios

Get Started Guide for Admins

Google Identity Services for work

How To Secure Shareware Kiteworks By Accellion

Identity & Access Management in the Cloud: Fewer passwords, more productivity

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA

Egnyte Cloud File Server. White Paper

F5 Identity and Access Management (IAM) Overview. Laurent PETROQUE Manager Field Systems Engineering, France

Dell World Software User Forum 2013

WHITE PAPER NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW

NCSU SSO. Case Study

How to configure the TopCloudXL WHMCS plugin (version 2+) Update: Version: 2.2

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

How To Make A Multi-Tenant Platform Secure And Secure

Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard

Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite.

Google Apps Deployment Guide

Top. Reasons Legal Firms Select kiteworks by Accellion

Administering Google Apps & Chromebooks for Education

managing SSO with shared credentials

Secret Server Qualys Integration Guide

Identity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities

Cyber Essentials Questionnaire

Top. Reasons Federal Government Agencies Select kiteworks by Accellion

Portal User Guide. Customers. Version 1.1. May of 5

JumpCloud is your Directory-as-a-Service. A fully managed directory to rule your infrastructure whether on-premise or in the cloud.

SecuriSync The Goldilocks Solution For File Sharing CALL US US ON THE WEB intermedia.

Client Portal Training

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

Securing Content: The Core Currency of Your Business. Brian Davis President, Net Generation

Strategic Identity Management for Industrial Control Systems

ShareFile Enterprise for healthcare

Alex Wong Senior Manager - Product Management Bruce Ong Director - Product Management

User Guide. Version R91. English

Single Sign On. SSO & ID Management for Web and Mobile Applications

WHITE PAPER. Understanding Transporter Concepts

Configuring user provisioning for Amazon Web Services (Amazon Specific)

Server Account Management

Addressing the BYOD Challenge with Okta Mobility Management. Okta Inc. 301 Brannan Street San Francisco, CA

PRiSM Security. Configuration and considerations

Frequently asked questions

Directory Integration with Okta. An Architectural Overview. Okta White paper. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM

Securing SharePoint 101. Rob Rachwald Imperva

User Management Tool 1.5

AVG Business SSO Connecting to Active Directory

Flexible Identity Federation

CA point of view: Content-Aware Identity & Access Management

Increase the Security of Your Box Account With Single Sign-On

Introduction. PCI DSS Overview

Managing users. Account sources. Chapter 1

Configuration Guide. BES12 Cloud

Cloud Services. Getting Started. with Cloud Services Admin Guide

McKesson Practice Choice TM Electronic Prescribing of Controlled Substances (EPCS) Frequently Asked Questions

All your apps & data in the cloud, all in one place.

The Customer page is only displayed in Admin Portal on Managed Service Provider accounts. It is not displayed in customer accounts.

The Cloud App Visibility Blindspot

Faster, Smarter, More Secure: IT Services Geared for the Health Care Industry A White Paper by CMIT Solutions

Three Ways to Integrate Active Directory with Your SaaS Applications OKTA WHITE PAPER. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107

Identity Governance Evolution

OneLogin Integration User Guide

Allianz Global Investors Remote Access Guide

Enterprise Content Sharing: A Data Security Checklist. Whitepaper Enterprise Content Sharing: A Data Security Checklist

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

Managing Identities and Admin Access

Secure Your Enterprise with Usher Mobile Identity

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description

G-CLOUD FRAMEWORK RM1557-vi 5DRIVE PROFESSIONAL STORAGE (PRO)

W H IT E P A P E R. Salesforce CRM Security Audit Guide

1 Introduction to Identity Management. 2 Identity and Access Needs are Ever-Changing

Security Overview Enterprise-Class Secure Mobile File Sharing

The Essential Security Checklist. for Enterprise Endpoint Backup

Powered by. FSS Buyer s Guide Why a File Sync & Sharing Solution is Critical for Your Business

EasyConnect. Any application - Any device - Anywhere. Faster, Simpler & Safer Networks

Six Best Practices for Cloud-Based IAM

Guide to Evaluating Multi-Factor Authentication Solutions

HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES

How to Audit the 5 Most Important Active Directory Changes

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)

Office 365 deployment checklists

Getting Started with Clearlogin A Guide for Administrators V1.01

White paper Contents

Research Information Security Guideline

The SparkWeave Private Cloud & Secure Collaboration Suite. Core Features

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

The 7 Tenets of Successful Identity & Access Management

Transcription:

Preventing Rogue Access How to manage user access to IT services during employment and after employment ends. Processes for managing IT access Best practices for onboarding new employees An exhaustive onboarding checklist Plus: Advice for regulated companies Intermedia and Osterman Research recently surveyed knowledge workers about their access to former employers IT systems. An incredible 89% of respondents retained access to at least one system such as Salesforce, PayPal, email, SharePoint and other sensitive corporate apps. One of Osterman Research s key for preventing this kind of access is to implement best practices for managing employee access to IT services as well as a rigorous IT offboarding process for departing employees. This document presents a template for bringing these practices to your company. It includes guidelines for setting up internal processes as well as specific actions to take when onboarding and offboarding employees. In addition, it includes specific to regulated industries such as financial services, legal services and healthcare. Learn how Intermedia s email, phone, file storage and single sign-on services dramatically reduce the risks of rogue access. Call (800) 379.7729 or email sales@intermedia.net. presented by Find more tips for preventing Rogue Access plus a white paper by Osterman Research at Intermedia.net/RogueAccess 1

Best practices for tracking access to IT systems The first step to preventing unauthorized access by current and former employees is to develop a complete understanding of your IT landscape and the access privileges within it. IT systems access 1. Establish a security and compliance group within the company This group should monitor two key areas: 1) who has access to which IT services and 2) how information is being accessed and shared. You should build this group s role into broader IT policies so that alerts can go out when a policy has been violated. This group should provide compliance and security training to employees on a quarterly/yearly basis. 2. Put in place a clear set of company IT policies. This includes policies on app usage, a list of approved sites and services and a list of approved software and apps that employees can use. Also, require that employees use company-provided logins for these apps instead of personal logins. 3. Provide role-based access to applications. Create a stringent approval process for all services, apps, and equipment that employees need. Employ two levels of approval for each request: approval from the employee s direct manager, as well as a VP or account owner. Keep records in a centralized database, so you have a clear paper trail of all services and equipment given to each employee. 4. Create a central repository for admin logins and passwords. Don t give users admin rights to their laptops. Instead, require employees to log tickets with IT to get access to download new software. 5. Eliminate shared logins/accounts. Assign accounts to one person whenever possible. If you have to use a shared account for budgetary reasons, make sure you rotate out the password on a monthly basis and employ strong password policies. 6. Conduct regular audits. Audit all your user accounts (LDAP, Active Directory, all apps) regularly. Have a single place for running audit reports and searching for users. Make sure you track all the apps being used regardless of department so you know who s paying for them, who owns them, and what access and control IT has. Employee onboarding 1. Set up your accounts in Active Directory, and make sure all cloud apps are SAML authenticated. This gives you one central location to manage employee accounts. It also makes it faster and easier to provision and de-provision employees. 2. Use unique identifiers when creating new employee accounts. In the system in which you re creating the account, fill an unused attribute field with the employee s unique HR-assigned ID number. This way, if a user has different name listings (e.g. J. Smith, Joe S., etc.), it s easier to find all the apps with which they are associated. 3. Maintain a distribution list to announce new hires. A distribution lists ensures that all key departments (Finance, HR, Facilities, etc.) are notified without fail when someone new is coming onboard. 4. Run a system audit when employees change departments. Make sure you de-provision access to anything the employee no longer needs in their new role. That way, employees always have access to only those systems and applications that they really need to do their jobs. Employee offboarding 1. Adhere to a strict employee offboarding checklist. A sample checklist is included in this document. 2. Maintain distribution list for terminations. Similar to your new hire distribution list, create a list that informs key departments (Finance, HR, Facilities, Legal, etc.) when an employee is leaving. 3. Direct the email account of a departing employee to his/her manager. Reroute the departing employee s email account to their manager for the first 2-3 months so that important messages are retained and handled. 2

4. Terminate all employee accounts. It is critical to terminate every employee account to every service, both on-premises and in the cloud. If the employee is the primary contact for an online account or project, make sure that contact gets re-assigned. 5. Review the apps saved in your employee s single signon portal. This is an excellent method for discovering apps that an employee may have provisioned or used without IT s knowledge. (These unknown apps are the most likely to create the risk of post-employment access.) 6. Make sure to collect all company assets: laptops, phones, ID badges, software, etc. Also make sure you collect any external hard drives or company-owned equipment an employee may have used as part of a home office. Recommendations for regulated companies If you re in a regulated industry such as finance or healthcare, you must put extra measures in place to ensure compliance with governmental regulations. Here s a list of suggestions that regulated companies can implement to better control access to corporate accounts and data. 1. Eliminate access to outside email/internet. 2. Restrict access to certain sites/apps (e.g. Facebook) to read-only. 3. Only allow access to company-approved sites. 4. Require employees to use desktop machines or dummy terminals. 5. Don t allow employees to take laptops or work computers home. 6. Remove the ability for employees to utilize USB or external hard drives to save data from their computer. 7. Implement an approval process for all outbound email. This may include requiring approval by a manager before email goes out. 8. Only allow work email and information to be accessed on company-issued mobile devices. About Intermedia Intermedia s Office in the Cloud offers email, phone service, file sync and share, single sign-on, archiving and more. They re all fully integrated, secure and mobile. And they re all managed through our central HostPilot control panel. Our services thwart the ex-employee menace by making it simple to revoke access to the entire cloud footprint with just one click. Learn more at Intermedia.net/RogueAccess. Intermedia s cloud IT services prevent Rogue Access. Learn how. CALL US EMAIL US ON THE WEB 1.800.379.7729 sales@intermedia.net intermedia.net 3

Employee Offboarding Checklist Presented by: Employee name: Supervisor name: Department: Separation date: Item(s) to collect Done If No, explain Computer, laptop and any other company equipment Logins for all corporate and department apps All digital certificates, key files, and passwords, including any client certificates that may be used for identity verification and/or signing purposes Keys to any company building or equipment (file cabinets, company car, machinery, etc.) ID badge VPN key fob or card Actions to perform Done If No, explain Instruct employee to remove personal data from company devices and accounts within a clear timeframe. Inform employee that devices, files, accounts, etc. revert to the company after they leave. Transfer ownership or access to any company records to the employee s department. This includes records stored on non-company devices. Have employee remove company data from personal file sharing services and non-company devices. Have employee sign an agreement acknowledging that their data has been removed from personal services and devices. 1

Actions to perform Done If No, explain Have employee sign a non-compete or other NDA agreements. Ask employee whether there is any sensitive data on devices or in accounts that must be protected. Securely wipe employee s laptop or computer and retain custody of all equipment. Disable ActiveSync and Active Directory for the employee. About Intermedia Intermedia s Office in the Cloud offers email, phone service, file sync and share, single sign-on, archiving and more. They re all fully integrated, secure and mobile. And they re all managed through our central HostPilot control panel. Our services thwart the ex-employee menace by making it simple to revoke access to the entire cloud footprint with just one click. Learn more at Intermedia.net/RogueAccess. Intermedia s cloud IT services prevent Rogue Access. Learn how. CALL US EMAIL US ON THE WEB 1.800.379.7729 sales@intermedia.net intermedia.net 2

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information