Implement rigorous access management and IT offboarding processes.
To successfully manage user access during employment—and revoke it when they leave—your business needs to build processes around the best practices for user lifecycle management. This includes managing employee access to IT services, maintaining awareness of access privileges, and instituting a rigorous IT offboarding checklist for departing employees.
Good news: we’ve done the research for you. At the bottom of this report, you’ll find guidelines for setting up internal processes as well as specific actions to take when onboarding and offboarding employees. In addition, you’ll find recommendations specific to regulated industries such as financial services, legal services and healthcare. You can download these documents at the end of this report.
Deploy a cloud storage service that’s more attractive than personal services.
Users want to access and share their files across multiple devices and collaborators. Personal services like Dropbox or Google Docs make that absolutely simple. If your corporate tools require even marginally more effort—even if it’s just logging in to the VPN—then people will naturally gravitate to the simpler solution.
That’s why you must provide a file sync and share service that’s as user-friendly as consumer tools but also gives IT full control over access privileges. (We, of course, recommend Intermedia’s SecuriSync.)
There are many obvious reasons you need IT control over shared files. But there are also some not-so-obvious ones. “If an employee stores sensitive or confidential data in personal Dropbox or Google Drive accounts, then this data is potentially accessible by outsiders the day the person becomes an ‘ex-employee’,” says Michael Osterman, president of Osterman Research. “In many cases, this runs afoul of data breach notification laws. This also complicates eDiscovery audits that require you to place legal holds on corporate data.”
And there’s one more risk: many well-intentioned employees spend their final day at a company clearing out their computers. What happens if, weeks later, you realize you’re missing some critical files? If they were stored on corporate cloud storage, then they’re simple to recover. If they were on a personal Dropbox, it’s much more challenging.
Utilize a single sign-on portal to manage and control access.
A single sign-on (SSO) portal gives employees access to all their apps with just one password. For users, it makes cloud IT as simple to use as the good-old “Start” menu: once you’re logged in, you click on any app—such as Salesforce, Quickbooks, webmail or thousands of others—and it launches immediately. There’s no need to type in any further passwords.
For users, SSO portals are popular because they eliminate the need to hunt for logins and passwords. This makes them more productive in the face of a sprawling cloud footprint. (In Intermedia’s previous report, Death by 1,000 Cloud Apps, we talked a lot more about the challenges posed when there are too many apps.)