How to Keep Sensitive Data Safe with Automated Offboarding
July 14, 2022
6 minute read
Today’s employees have far more access to company data than ever before. As the number of SaaS apps in use grows, so does the amount of damage a departing employee can cause. If app, system, and device access isn’t revoked quickly enough, the consequences can be costly. This is why automating your employee offboarding process is more than just a time saver—it is a critical way to protect sensitive data.
A disgruntled employee can cause major damage if their access isn’t completely revoked immediately after they are terminated.
What can happen when employees aren’t offboarded fast enough
Five months after he was terminated, a former Cisco employee accessed a critical AWS-hosted system. While inside, he deleted 456 virtual machines, shutting down more than 16,000 WebEx Teams accounts for nearly two weeks. The shutdown cost Cisco roughly $1.4 million in employee time for remediation and over $1 million in customer refunds.
A credit union fired a part-time employee, and two days later she remotely accessed a file server. She deleted more than 20,000 files and almost 3,500 directories—a whopping 21.3 gigabytes of data that included mortgage applications and anti-ransomware software. The credit union has since spent approximately $10,000 in remediation.
“Her petty revenge not only created a huge security risk for the bank, but customers also depending on paperwork and approvals to pay for their homes were left scrambling,” stated FBI Assistant Director-in-Charge Michael J. Driscoll. “An insider threat can wreak just as much havoc, if not more, than an external criminal.”
An HR manager was fired from a professional services company in Manhattan. Just hours after she was escorted off the premises, she logged into a company system remotely and deleted over 17,000 job applications and resumes—all of the data in the system. Her employer had to spend over $100,000 to investigate, respond publicly, and rebuild its system. The company will never recover all the data it lost.
No one ever wants anything like this to happen at their company, let alone be the IT person responsible for offboarding and revoking access. The good news: You can prevent these types of incidents by automating your employee offboarding process.
With automated employee offboarding, you can revoke access to apps, devices, and shared resources in minutes. To avoid any type of delay, you can even start the process instantly by completing a form or submitting a ticket. That way, no time is spent waiting for IT to start the offboarding process when access needs to be revoked fast.
In this article, we’ll discuss everything you need to know to start automating your offboarding process. We’ll answer the following questions for you:
- What tool should I use to automate the offboarding process?
- How do I build an automated workflow for offboarding employees?
- How do I create a zero-touch workflow to offboard a departing employee as quickly as possible?
What tool should I use to automate my offboarding process?
There are more tools in the market every day that claim to offer “easy-to-use” automation functionality. Because the benefits of automating HR processes are so numerous, more and more providers are seeking to offer those capabilities.
From iPaaS to IDaaS with automation add-ons, wading through the options for automation can seem like a daunting prospect. However, if you want to make sure anyone on your IT team is able to create and manage workflows with minimal ramp time, a SaaS management platform (SMP) is an optimal choice.
An SMP like BetterCloud ingests and analyzes metadata from all the apps it is connected to. BetterCloud can then use this operational intelligence to make workflows simpler and easier to manage—even for long, complex processes like offboarding an employee.
Once an automated workflow is created to offboard an employee, it is critical to keep it up to date. You don’t want to leave any departing employees access to any company app or shared resource, even if it was recently rolled out.
An overly complex automation tool can introduce costly delays if updating an offboarding workflow takes a long time or requires specialized, outside help. Choosing an SMP like BetterCloud ensures that anyone on your IT team can update critical workflows with a minimum of effort. When a workflow can be updated in minutes, you can be sure departing employees won’t retain access to newly-adopted apps, systems, and resources.
How do I build an automated workflow for offboarding employees?
Now that we’ve discussed what tool to use, the next step is to take a closer look at your current offboarding process to get it ready for automation. We recommend spending some time to answer the following questions:
- Where are all the possible places that users might store data? You might assume that most employees rely on Google Drive, but you might also discover that they’re keeping documents in applications such as Dropbox, Office 365, or even Zoom for recordings.
- What is your source of truth? Is it an HRIS or an IdP like Okta, OneLogin, or Azure AD? Knowing your source of truth will enable you to create a consistent and repeatable trigger to start your offboarding process.
- How do HR and the manager want to handle things like delegation, auto-replies, and email forwarding? Do managers need to be granted email access to their departing employees? Documents? What other gaps need to be considered?
- What’s the time period for deprovisioning licenses? Do you want to keep email access for 30 days? What are the retention requirements?
Once you have these answers, you are ready to start creating your offboarding workflow in BetterCloud. Our eBook, “Death by 1,000 Tabs: How IT Can Optimize the Offboarding Process in a SaaS Management Platform,” includes a deep dive into the anatomy of a complete offboarding workflow. To get a closer look at how to build an offboarding workflow in BetterCloud, complete with screenshots and step-by-step instructions, download the eBook.
To take a closer look at how an IT team at a company that uses a lot of SaaS automates offboarding, watch episode six of the SaaSOps show: “Supercharged Offboarding with BetterCloud and an IDP.” In this video, three IT team members, including an automation engineer, discuss how they approach offboarding, and demonstrate how they’ve built their offboarding workflow in BetterCloud.
With an SMP like BetterCloud, you save even more time by building your offboarding workflow with a pre-built workflow template. With BetterCloud’s offboarding template, you can simply modify the workflow to meet your needs—while making sure you are following current best practices. This way, you won’t have to create your workflow from scratch, especially if your IT environment uses a lot of “best in breed” SaaS, such as Google Workspace, Slack, and Zoom.
How do I create a zero-touch workflow to offboard a departing employee as quickly as possible?
As the “nightmare scenarios” we discussed above have shown, you can’t waste any time when offboarding employees. With so much sensitive company data at their fingertips, you want to revoke access as soon as possible after an employee’s departure.
With BetterCloud, you can set up your workflow to “kick off” from a ticket or form submission, removing the need for any manual work by IT. This way, someone in HR, or even the departing employee’s manager, can simply fill out a form or complete a ticket to immediately begin the offboarding process. Watch the video below to learn how to set this up with Jira and BetterCloud.
For additional details on how to optimize offboarding and other workflows, check out our recent ebook, “Cheat Your Way to IT Success with Zero Touch Automation.” In it, you will find everything you need to create offboarding workflows that can be started quickly and easily—and outside of IT.
It is true that automating your offboarding process can be a huge time-saver for your IT department—especially if they are currently performing all the steps manually. Automated offboarding also prevents an unhappy departing employee from destroying data, stealing customer lists, or causing other costly problems. This makes a fully featured SMP a critical tool for both IT and security teams.
To learn more about how an SMP can not only save time through automation, but also keep files secure and your IT environment safe, check out a wealth of security-related resources in our content library.
If you want to see how BetterCloud can keep former employees from accessing sensitive company data with automated offboarding, schedule a demo.