No employer wants to hear the words “I resign.” However, that’s a phrase that has been uttered with more frequency across the Asia region. In the so-called post-COVID world, working from home is no longer a perk—it’s now a necessity.
That’s only a small example of the change. A larger concern is the number of skilled workers that reassessed their own relationship to work and sought opportunities elsewhere.
Mercer recently found “a growing shortage of skilled workers in Asia” that was “making it more difficult to attract and retain talent,” noting a higher turnover rate in Indonesia, the Philippines and Thailand. In ADP’s annual workplace survey, Singapore workers reported that they expected to stay at their current organization for an average of 3.35 years—down from 3.61 years in the previous year. That trend was even steeper for younger millennials, whose expected average time at their employer dropped off from 3.5 to 3.05 years.
It’s not all bad news for employers: Mercer also found a resurgence in hiring for Singapore companies. But these trends underscored an existing business need like never before: IT teams must examine the of impacts of greater turnover on security, in particular the risks associated with identities and account management. With tenured employees leaving and new staff brought in, the challenge of easily provisioning (or de-provisioning) access to employees was brought to the fore.
We hope the following insights can help business leaders adapt to these trends and future-proof their business, reinforce security, and ensure that their employees remain productive.
Good lifecycle management can make managing identities and access more efficient, streamline regulatory compliance processes, ensure that employees have access to the resources they need and help organizations move toward zero trust approach in their environment.
As significant as the benefits of good lifecycle management are, the risks resulting from bad lifecycle management are even more concerning.
Lifecycle management begins by addressing the joiner-mover-leaver (JML) problem: how to provision identities when a new employee joins an organization, how to change their access when they move roles within an organization, and how to remove any permissions when someone leaves.
Poor lifecycle management can lead to significant risks: threat actors used an inactive VPN account to breach Colonial Pipeline. More recently, Russian threat actors breached a non-governmental organization (NGO) by enrolling an inactive account in MFA that shouldn’t have been, then exploiting the MFA configuration to essentially deactivate it. Inactive accounts are attractive targets for threat actors because there’s no one watching them.
It’s not only outsiders that present a threat when it comes to inactive accounts. A user who leaves an organization on bad terms, for example, can wreak havoc by using their credentials to continue to access sensitive information or resources indefinitely—or at least until the security team becomes aware of the problem.
Moreover, it’s not just inactive or orphaned accounts that pose risks. Think about an employee who switches roles within a company, moving from Finance to Marketing. If she maintains her initial entitlements, she may continue in her new role but retain the privileges that would allow her to approve her own expense reports—a toxic combination.
Can your organization claim that it ‘knows’ who its users are? Do you know what they have access to? When that access ends (or should)? Most organizations don’t.
Implementing regular, disciplined lifecycle management is more challenging than it’s ever been because people have access to more resources than ever, and their access is constantly changing.
It’s easy to see why: 61 percent of organizations say their cloud environments change every minute or less—and nearly a third say their cloud environments change at least once a second. As a result, Gartner expects that businesses using cloud resources should expect at least 2,300 least privilege policy violations, per account per year—unless they do something about it.
Those trends have underscored the need for organizations to improve their identity governance and administration technology and secure lifecycle management. Doing so reduces risk by providing constant visibility into who an organization’s users are, what they have access to, what they’re doing with that access, why they need it and—most critically—when their access ends or changes. It enables security teams to see what to protect, what legitimate baseline activity looks like, who the genuine users are (or aren’t) and when it’s time to remove an account because it’s no longer in active use.
You can’t manage what you can’t see. Developing that degree of visibility into who has access to what can be difficult for security teams: limited bandwidth and the Great Resignation are creating a higher-than-usual degree of turnover and change.
Since 2006, Fortune 100 and global enterprise customers have turned to SecurID Governance & Lifecycle (G&L) to help them gain visibility, insights, and control over access to all applications, systems, and data. In 2021, KuppingerCole named SecurID G&L an Overall Leader in their Leadership Compass report for the third consecutive year.
SecurID G&L Cloud delivers our full-featured, high-performing solution and market-leading capabilities from the cloud, freeing your security team to focus on your core business. Our team of experts lets you work smarter by taking responsibility of management tasks of the G&L solution, such as:
- Monitoring, upgrades, maintenance, and patches
- Monitoring of access reviews and collections
- Reporting and dashboards
- Virus scans performance testing, penetration testing
- Resolution of stalled workflows and processes
- Customer success manager, 24/7 Support, Education subscription, and more.
With SecurID G&L Cloud, customers avoid the cost and time of building out their own IT infrastructure to support identity governance and administration (IGA) and save on operational costs through our managed solution.
Whether you are new to SecurID Governance and Lifecycle or are considering migrating an on-premises implementation to the cloud, we can help accelerate your digital transformation and deliver a flexible and scalable IGA solution to your business.
To keep pace with the Great Resignation and the rate of access changes today, it’s important not only to adopt lifecycle management but also to look for solutions that automate the processes associated with access reviews and other lifecycle management activities.
It’s even better when automated lifecycle management activities are part of a zero trust approach to security, in which trust in the user’s identity and access privileges are never assumed. The visibility into access that good lifecycle management provides is essential to moving an organization toward zero trust.
Poor lifecycle management can have disastrous consequences, but effective lifecycle management can help organizations avert the worst outcomes—and realize new benefits.
Whether it’s the Great Resignation, the global pandemic, or some other unanticipated trend, SecurID provides the simple, safe, and secure solutions needed to future-proof your business and protect what matters most: your identities.
Learn what to look for in a solution and how SecurID Governance & Lifecycle can help.