Bulk of Ex-Employees Retain Access to Corporate Apps: Survey
- Verify that your company has an effective, enforced access control standard and policy requiring that access be removed when an employee transfers within the organization or leaves it.
- Use role-based access control (RBAC). Define each role by what is needed to perform that role's duties, and only those duties.
- Grant privileged access to roles, not to individual users. Then add individual users to roles according to their positions.
- Example: a Database Administrator should not have the rights of the Operating System Administrator.
- Perform periodic access reviews for privileged account users. Any users or groups found to have unnecessary access should have their privileged access removed immediately.
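
The periodic review described above can be automated by comparing account grants against the HR roster. The following is an added example, not part of the original page or the survey; every user name, position, role and permission string in it is constructed sample data, and the `review_access` helper is hypothetical.

```python
# Constructed sample data: none of these names come from the survey.
POSITION_ROLES = {  # roles each position is entitled to
    "Database Administrator": {"dba"},
    "System Administrator": {"os_admin"},
    "Analyst": {"analyst"},
}
HR = {  # user -> (employment status, current position)
    "alice": ("active", "Database Administrator"),
    "bob": ("terminated", "System Administrator"),
    "carol": ("active", "Analyst"),  # transferred out of the DBA team
    "dave": ("active", "System Administrator"),
}
ACCOUNTS = {  # user -> roles held and permissions granted directly to the user
    "alice": {"roles": {"dba", "os_admin"}, "direct": set()},
    "bob": {"roles": {"os_admin"}, "direct": set()},
    "carol": {"roles": {"analyst", "dba"}, "direct": set()},
    "dave": {"roles": {"os_admin"}, "direct": {"db.admin"}},
    "erin": {"roles": {"analyst"}, "direct": set()},  # no HR record at all
}


def review_access(hr, accounts, position_roles):
    """Return (user, action, detail) findings for one access review pass."""
    findings = []
    for user, acct in sorted(accounts.items()):
        status, position = hr.get(user, ("unknown", None))
        if status != "active":
            # Departed or unmatched account: everything it holds must go.
            if acct["roles"] or acct["direct"]:
                findings.append((user, "REMOVE_ALL", f"HR status is {status}"))
            continue
        allowed = position_roles.get(position, set())
        # Roles left over from a previous position or never justified.
        for role in sorted(acct["roles"] - allowed):
            findings.append((user, "REMOVE_ROLE", role))
        # Privileges attached to the user instead of to a role.
        for perm in sorted(acct["direct"]):
            findings.append((user, "MOVE_TO_ROLE", perm))
    return findings


if __name__ == "__main__":
    for finding in review_access(HR, ACCOUNTS, POSITION_ROLES):
        print(*finding, sep="\t")
```

Accounts with no matching HR record are treated the same as terminated ones, since an account nobody can tie to a current employee is exactly what the review is meant to catch.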
Intermedia Report on Rogue Access
Role Based Access Control (has links to other resources including the “Economic Benefits of Role Based Access Control”)