The Importance of Automated Offboarding to Keep Your SaaS Stack Safe - Adaptive Shield

The Importance of Automated Offboarding to Keep Your SaaS Stack Safe

Adaptive Shield Team

In the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life.

When employee counts range into five figure territory — and entire networks of contractors have to be accounted for as well — it’s easy to lose track of who’s, literally, coming and going. Oftentimes, there are “offboarding” steps that are forgotten about — disabling or removing the user from Active Directory or IAM is not sufficient as the user may have local credentials on some of the SaaS platforms or other sensitive systems. Leaving these users’ access in place exposes organizations to unauthorized data access.

When it comes to taking old users off systems – deprovisioning – there are a few best practices that should be borne in mind and followed.

Best Practices for Deprovisioning

Keep an Inventory. It’s essential that IT teams keep an up to date record, at all times, of all users with access to company systems. A channel of communication with human resources should be established for keeping abreast of events impacting the user inventory such as employee terminations. To be effective from a security standpoint, these systems need to be capable of scrutinizing both internal and external users. The vendor landscape can be constantly shifting.

Always be on the lookout: In addition to keeping track of intended system users, IT teams need to have a capability for user discovery that accounts for the full breadth of systems they may be accessing – both those in legacy environments, like on-premises systems, and in the mushrooming cloud environment.

Rigorous access control: It’s imperative that IT teams develop onboarding and offboarding protocols that account for the full extent of privileged employee computing access. If an employee has access to 3 internal systems and 30 cloud-hosted ones, then clearly limiting access to those on-premises will leave a gaping information hole that they will retain access to.

How to Automate the Deprovisioning Process

The meticulous mapping and security work that this process demands from a security team is vast. Adaptive Shield can streamline this process — a simple query in Adaptive Shield’s user inventory can reveal the user posture of the deprovisioned users’ accounts across the entire SaaS stack

When it comes to deprovisioning these accounts, automation tools like Torq – a no-code security automation platform – give security teams an easy way to integrate Adaptive Shield’s capabilities into an automated deprovisioning workflow. This vastly simplifies the process, reducing the amount of time it takes to fully deprovision users, and ensuring that no accounts are left active.

Figure 1: Automated Offboarding Workflow

In Figure 1, you can see a potential workflow where:

This workflow is just one example of how Adaptive Shield’s integration with Torq streamlines the deprovisioning process through automation, lifts the burden of manually auditing and deactivating accounts, and provides continuous visibility and control to increase the organization’s SaaS security posture.

About the writer

Adaptive Shield Team

Businesses today run nearly every facet of their operations using a wide array of interconnected SaaS apps. Adaptive Shield’s team is here to keep you informed as well as help you secure your SaaS estate.