Secure IT Offboarding Checklist - 7-point step for IT and Security teams

As an IT leader, you see your employees move on an everyday basis. A lot of new employees come in; some move out from the company, and a few internal movements as well. Managing these movements effectively is part and package of an IT leader / IT team.

In this blog, we dive deep into how to manage your IT offboarding process effectively. Before that, let’s understand why IT offboarding has turned out to be a hassle of late.

Offboarding is all about relieving an employee/user from the roles and responsibilities within an organization. But it’s not as simple as it sounds; you are obliged to transfer ownership and responsibilities in a few cases. This will be followed by verifying if a user is deprived of all access to company information and data as soon as they are relieved of their duties.

Tracking all of this in a spreadsheet is inefficient and ultimately leads to a patchy offboarding.

What might be the cost of patchy offboarding?

Data breaches:

Not revoking access to ex-employees might lead to unauthorized entry to outside entities on business data. As a matter of fact, 20% of businesses have experienced data breaches connected to former employees.

Compliance violations:

Compliance with HIPAA, GDPR, and SOX regulations is essential. When a company's data is not being managed correctly, it results in a violation of the above-mentioned regulations.

Loss of data:

Ex-employee taking a copy of source code, source files, etc., can lead to severe consequences of the business model being replicated.

Wasted IT spend:

Lack of visibility into what tools the users availed and the number of unused, unprovisioned licenses.

Lack of ownership transfer:

Unable to access important files owned by the user or licenses bought by an admin who has moved on from the organization.

Here’s a complete offboarding checklist:

1. To manage, first get visibility into the users:

Before de-provisioning accessibility to the user, businesses must ensure that the ownership and licenses are transferred to the successor or other privileged employee. Not doing so will result in an inability to access documents and edit or cancel licenses/subscriptions bought by the owner.

Businesses must understand that they need complete visibility into what tools and applications a to-be-offboarded employee uses. And without a platform that gives you complete visibility into your applications used, what good would be a mere ownership transfer?

A Software Management Platform like Zluri gives you complete visibility into your employee applications. Here are the five methods through which applications are identified.

• Identity providers - Gathering data from SSOs like Google, Okta, and OneLogin.
• Desktop and browser agents - Collating data from applications installed on employees’ systems locally and through browser extensions.
• Integration to applications - Native 800+ integrations via API and 250000+ application accessibility.
• HRMS - Garnering employee data based on departments and hierarchies to define roles and privileges.
• ERP - Consolidating not just the employee data but also the associated transactions.

With such discovery capabilities, you’d have a 360-degree view of the applications your employees use, the licenses and subscriptions they are a part of, etc. This helps overcome Shadow IT on an organizational level.

TechRepublic also found that 70% of IT decision-makers surveyed said it could take up to an hour to deprovision all of a single former employee’s corporate application accounts.

Once you have this visibility, the next step is understanding the applications from which the ownerships must be transferred.

• Two key offboarding functionalities of Zluri
  • Data Transfer - Any doc, sheet, or presentation owned by an ex-employee can be transferred to another employee.
  • Future email forwarding - In cases where you need to be updated with ex-employees emails, you can enable email forwarding.

2. Remove access to all applications before revoking SSO access:

Since you have complete visibility into the applications your employees use with Zluri’s discovery methods, you can easily revoke access for leavers from one dashboard.

But you may ask, “If the employee’s work email address and SSO access will be revoked, why should one remove user access to individual applications?”

Revoking SSO access might prevent access but doesn’t wipe the log data from those applications. This leads to one key issue,

• The employee’s session runs forever. This means you’ll be paying for their license, although they are no longer a part of the company, leaving the associated data unsecured. As per a report, organizations use only 56% of the SaaS licenses acquired.

Ultimately, removing access to all applications secures the business data and cuts costs on unused licenses.

3. Revoking access to Identity Providers (SSO):

After removing all applications and licenses associated with the user, now is the time to remove the user from the single source of truth, the SSO(Since most of the apps are powered by this)

Bottom-up de-provisioning: Unlike most offboarding practices, removing access to identity providers before the applications will result in a major handicap. For example, a finance manager leaves the organization, has sole administrative privileges to a few apps, and has also purchased various add-ons. In such instances, disabling SSO means not removing access from the application; this handicaps you from administrating the application post the finance manager’s move.

This top-down approach of offboarding will handicap you from making changes to existing licenses/plans and changes to admin rights once the email is disabled. Before deleting system access from SSO, ensure all accounts under all applications are deleted.

4. Revoke remote accessibility:

Businesses operate differently; few companies enable employee access only via VPN, remote desktops, etc. Often, ex-employees would be able to access business resources using remote accessibility methods unless they are revoked.

50% of former employee accounts remain active for longer than one day after departure. With a further 25% of accounts remaining active for a week or longer and the remaining 25% remaining active for an unknown length of time.

As a part of offboarding, you must ensure all of your ex-employee's access to all remote login methods is revoked.

5. Credential change for shared accounts:

Employees within the organization might be using shared accounts to access certain applications like Zoom, Grammarly, etc. In instances where the shared account owner or user moves on from the organization, they would still have the credentials for the shared account.

As and when the employee moves, the shared account sessions, tokens, and credentials need to be changed to secure the shared account from any breaches or data loss.

6. Recover all IT assets the employee was enabled with:

Firstly, having a log of all the IT assets employees were enabled with is essential. Once the employee is completely soft offboarded, the next step of the process is to retrieve all the hardware assets the employee used. This includes Laptops, Monitors, hard disks, access cards, and any other business equipment.

7. Consistent scrutiny of logs:

Although an employee is offboarded with these set processes, monitoring the log activity is a good practice. In some cases, applications come with a specific buffer time before permanently deleting an account. When the ex-employee tries to access the account, this might lead to the account not being removed from the database.

To implement a seamless IT Offboarding process, sign up for a free demo with Zluri.