In accordance to new exploration on employee offboarding, 70% of IT pros say they have experienced the adverse outcomes of incomplete IT offboarding, whether in the variety of a security incident tied to an account that wasn’t deprovisioned, a shock invoice for sources that usually are not in use any more, or a skipped handoff of a critical resource or account. This is regardless of an normal of 5 several hours used for every departing staff on functions like discovering and deprovisioning SaaS accounts. As the SaaS footprint within just most companies carries on to increase, it is starting to be exponentially a lot more difficult (and time-consuming) to guarantee all accessibility is deprovisioned or transferred when an employee leaves the group.
How Nudge Security can help
Nudge Security is a SaaS administration platform for fashionable IT governance and security. It discovers each and every cloud and SaaS account at any time made by any one in your organization, which includes generative AI applications, giving you a single supply of reality for departing users’ accounts and OAuth grants that will need to be deprovisioned, revoked, or transferred.
And, a designed-in playbook walks you by a thorough checklist for IT offboarding in alignment with Google and Microsoft greatest procedures. The playbook can support you help save up to 90 per cent of the time and hard work involved in SaaS offboarding by automating time-consuming, straightforward-to-overlook tasks like revoking OAuth grants and resetting passwords for accounts outdoors of one signal-on (SSO).
Let’s take a glance at how Nudge Security helps you with every single action so you can guarantee full offboarding of SaaS accounts.
1. Revoke obtain to Google Workspace or Microsoft 365
The moment you’ve got picked the worker you will need to offboard, the initial action is to validate the position of their Google or Microsoft account.
Initially, you can want the employee’s Google or Microsoft account to stay active though you complete other offboarding jobs. Nonetheless, you are going to want to make confident the person can no longer accessibility the account by resetting their password and disabling any recovery strategies they may perhaps have established up. Nudge Security assists you confirm the status of each and every of these techniques so you can guarantee that accessibility has been revoked.
2. Transfer possession of critical sources.
In advance of you start deprovisioning your departing employee’s accounts, you will want to establish and changeover ownership of necessary assets like AWS root user accounts, company domains, social media accounts and much more.
Nudge Security mechanically identifies critical methods owned by your departing staff and guides you by way of how to transfer possession to other staff members. For each and every resource, Nudge Security presents specific instructions with valuable backlinks and a summary of other app buyers who could just take about responsibility for each individual source. As you go via the checklist, you can ensure that you have transferred ownership or log your conclusion to overlook a unique resource that isn’t going to need to have to be transferred.
3. Evaluation and update app-to-app integrations.
OAuth grants are typically utilised to empower application-to-application integrations and automation so if a departing employee’s OAuth grants are revoked without assessment, this could disrupt working day-to-day functions.
Nudge Security displays you all app-to-app OAuth grants and scopes for the departing worker so you can assess the likely organization influence of each and every integration and decide if it really should be recreated with a different account. You’ll also see who the other customers of that application are so you can have interaction them as wanted. This move of the offboarding procedure will aid ensure that automatic organization processes continue to perform as expected right after the personnel leaves the group.
4. Revoke SSO-managed accounts.
This stage is simple. With the simply click of a button (and without the need of leaving the Nudge Security dashboard), you can revoke entry to all of the accounts managed by your one indicator-on (SSO) company, like Azure Ad or Okta. Afterwards on, the playbook will also wander you by means of cleaning up the contents of all those accounts.
5. Revoke obtain to apps authenticated by using OAuth.
OAuth grants make it quick for workers to develop new accounts merely by deciding on the choice to authenticate with Google Workspace or Microsoft 365. Nudge Security can make it just as straightforward for security and IT groups to identify and revoke departing users’ OAuth grants immediately from Nudge Security. Now that you’ve got now reviewed and recreated any scopes related to application-to-application integrations, you can revoke the remaining app accessibility granted via OAuth.
6. Revoke obtain to unmanaged accounts.
OAuth grants and SSO-managed accounts only deliver a partial view of your departing employee’s obtain. Lingering SaaS sprawl can depart doors open for illegitimate obtain to sensitive methods and data just after an personnel leaves your corporation. Luckily, Nudge Security also inventories unmanaged accounts that your worker may possibly have made with their do the job email outdoors of common IT or procurement procedures.
Not only will Nudge Security present you the record of unmanaged applications, but you can set off automatic password resets from within the platform to avert even further entry by the departing worker. Without this automation, it could take hours to do this manually, if you even know the accounts exist in the initially spot.
7. Clean up up revoked accounts.
After the user’s obtain has been revoked, it is essential to clear up their accounts to stay away from orphaning company information or continuing to spend for unused licenses.
Nudge Security permits you to ship an automated “nudge” to the specialized or business enterprise owner for each and every SaaS software with directions to delete or shift delicate info, reallocate licenses, and reassign possession of means to a further consumer.
8. Document offboarding things to do with a designed-in report.
Nudge Security information all of the offboarding methods you have taken, so you can often go again and check what was accomplished for every single employee. At the time you have completed offboarding a departing employee’s SaaS and cloud accounts, you can create a .pdf report of the pursuits you completed and share it with internal consumers or auditors.
Transition personnel seamlessly with Nudge Security
Nudge Security assists you offboard departing customers successfully and totally, enabling you to secure company methods and steer clear of organization disruptions without having losing treasured time on cumbersome, repetitive tasks.
Get started your cost-free 14-day trial now.
Observed this post attention-grabbing? Adhere to us on Twitter and LinkedIn to study extra exclusive content material we write-up.
Some parts of this report are sourced from: