Think about your life today. When are your interests and actions not being anticipated and predicted by someone or some company? From online shopping recommendations, to the “you might like this” this movie suggestions and recommended news articles – customized information and services are continually being pushed to you as the consumer. And in my opinion, these predictions are getting more and more prevalent.
Your workforce now has those same expectations for the availability of technology services and applications at work. They are demanding solutions that predict their needs and automatically deliver the services they need to effectively perform their jobs. Unlike the consumer world where lack of predictive qualities have little negative impact on the consumer (in fact, for me poor predictions leave me a little wealthier), in the enterprise it can lead to greater security risk. When business consumers don’t receive the right level of access they can become rowdy and the “work-around” mentality sets in – exposing the business to security vulnerabilities.
This leads me to the next security truth in my Five Important Truths about Digital Workspaces in a Dangerous World blog series…
Shadow IT Often Starts during Onboarding
Nothing encourages Shadow IT more than when a new employee has been onboard for over a week and still doesn’t have the access they need to do their job. When that employee becomes frustrated they often:
- Find what they need on their own – usually a cloud option from the internet
- Or, ask a colleague what workaround they can use to get what they need
Tribal knowledge is one of the guiltiest vehicles for passing down workarounds – but it can have a huge impact on increasing security threat levels for IT.
To prevent new security gaps from expanding with every new hire, strong predictive and automated onboarding policies must be put in place. Not only does strong onboarding improve employee morale and higher productivity rates, but it also reduces the risk of employees going outside IT sanctioned policies to bring in unapproved, and potentially risky, applications.
For Every Role Change (Action) There Should Be Security Changes (Reaction)
Throughout the lifecycle of an employee, their role will change or at least evolve. It is critical that as this evolution occurs, so should their access to resources and authorization levels. If your IT organization is not predicting the changing access needs, then you will fall victim to granting access by request only. Always on the defensive.
If you can predict each employee’s needs changing based on role and context, then not only can you provide the right access at the right time, but you can also revoke access when it is no longer needed. Reducing the threat of a significant security gap in many organizations – few people lose access through their employment tenure.
Your Top Internal Threat is Poor Offboarding
I was amazed once again to hear in the news about the absence of proper offboarding. This time it was an organization that houses some of the country’s most private information – the IRS. A report stated that the “IRS does not always delete employee access when workers quit or are fired.” Really IRS? You house each US citizen’s social security number, financial earnings, address, and more. But when people get fired, they still have access? Why wasn’t this a top security concern?
This type of behavior happens significantly more than anyone would like to believe. One of the main reasons is lack of communication. When someone leaves an organization, HR is notified but who notifies IT? Now IT can’t predict when someone will leave, but they can predict what privileges need to be revoked when HR changes someone’s profile from employed to no longer employed, if they have the right automation solution in place.
In order to avoid the security vulnerabilities outlined here, organizations need to invest in the prediction, automation, and controlled provisioning/de-provisioning of employees’ digital workspaces. This will give the workforce the technology necessary for productivity while maintaining a centralized policy-based governance model ensuring security and compliance.
Now is the time to ask yourself – how well does your organization predict your workforce needs based on each employee’s lifecycle?
For more of the 5 Important Truths about Digital Workspaces in a Dangerous World, check out the full blog series here.
Or you can download the full whitepaper here.