What is deprovisioning?
Deprovisioning is the process of removing an employee’s access rights from an organisation’s systems, apps and network resources when they are no longer needed. It occurs not only when employees leave an organisation but also when roles change or when temporary access expires. Deprovisioning is a key component of Identity and Access Management (IAM), which ensures that users hold only the permissions they need to do their jobs. Failing to deprovision properly leaves orphaned accounts and stale permissions that a former employee, or an attacker who obtains that employee’s credentials, can still use.
Provisioning vs deprovisioning: What’s the difference?
Provisioning is the opposite process of deprovisioning. It involves creating a user’s digital identity and making the organisation’s data, systems and applications available for employees and contractors. Provisioning occurs when an employee is onboarded, switches job roles or is promoted.
For instance, if a new marketing director is hired at your organisation, provisioning takes place as part of their onboarding. The IT department creates their user accounts and grants them access to the marketing databases the role requires. Once this is complete, they can transition effectively into their role.
How deprovisioning works
When a user is offboarded or changes roles, HR typically notifies the IT department, which in turn instructs system administrators to restrict or revoke access. Administrators then review the user’s permissions across every system, application and network resource to confirm that nothing has been left enabled. Handled manually, this chain of hand-offs is slow and easy to get wrong: a single system missed in the review is an account that stays live. This is why many organisations now rely on IAM solutions that automate provisioning and deprovisioning from a central place and cover every integrated system.
What is automated deprovisioning?
Automated deprovisioning revokes an employee’s user account and access privileges automatically when they are offboarded, typically triggered by a status change in the HR system or whichever directory serves as the identity source of truth. An organisation may have hundreds of systems integrated with a user account, which is a burden for administrators to manage manually. Automation relieves that burden, makes the result consistent across systems and removes the delay between an employee’s departure and the loss of their access.
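The flow described in the two sections above (an HR status change driving revocation across every integrated system, including the role-change case from the introduction) looks like this in code. This is an added example written for this page, not code from the page’s author or from any IAM product; the HR roster, the two target systems, the role profiles and the group names are all constructed for illustration, and the `System` class stands in for a real connector that would speak SCIM or the system’s admin API.

```python
from dataclasses import dataclass, field

# Entitlements each job role may hold per system (least-privilege baseline).
# Hypothetical role and group names, constructed for this example.
ROLE_PROFILES = {
    "marketing_director": {"crm": {"marketing-db-rw"}, "vcs": set()},
    "engineer": {"crm": set(), "vcs": {"repo-write"}},
}


@dataclass
class HRRecord:
    """One row of the HR roster, the source of truth for who should have access."""
    user: str
    status: str  # "active" or "terminated"
    role: str


@dataclass
class Account:
    """An account as seen in a target system."""
    enabled: bool = True
    groups: set = field(default_factory=set)
    sessions: int = 0  # live sessions/tokens; disabling must also revoke these


class System:
    """Stand-in for a connector to one target system. A real connector would
    call SCIM or the system's admin API; this one holds accounts in memory."""

    def __init__(self, name, accounts):
        self.name = name
        self.accounts = accounts

    def disable(self, user):
        acct = self.accounts[user]
        acct.enabled = False
        revoked, acct.sessions = acct.sessions, 0  # kill live sessions too
        acct.groups.clear()
        return f"{self.name}:{user}: disabled, revoked {revoked} session(s)"

    def remove_groups(self, user, groups):
        self.accounts[user].groups -= groups
        return f"{self.name}:{user}: removed {sorted(groups)}"


def deprovision(hr, systems):
    """Reconcile every target system against the HR roster.

    - terminated users: disable the account and revoke sessions (disable, not
      delete, so the data can still be backed up afterwards);
    - active users: strip any group their current role does not permit;
    - accounts with no HR identity: report as orphans for review, never
      auto-delete, since they may be service accounts.
    Returns the actions taken and the orphan list; a second run changes nothing.
    """
    roster = {r.user: r for r in hr}
    actions, orphans = [], []
    for system in systems:
        for user, acct in system.accounts.items():
            rec = roster.get(user)
            if rec is None:
                if acct.enabled:
                    orphans.append(f"{system.name}:{user}")
                continue
            if rec.status == "terminated":
                if acct.enabled:
                    actions.append(system.disable(user))
            else:
                allowed = ROLE_PROFILES.get(rec.role, {}).get(system.name, set())
                extra = acct.groups - allowed
                if extra:
                    actions.append(system.remove_groups(user, extra))
    return {"actions": actions, "orphans": orphans}


def build_sample():
    """Constructed sample: alice has left, bob moved from engineer to marketing
    director, and svc-legacy exists in the CRM with no HR record at all."""
    hr = [
        HRRecord("alice", "terminated", "engineer"),
        HRRecord("bob", "active", "marketing_director"),
        HRRecord("carol", "active", "engineer"),
    ]
    systems = [
        System("crm", {
            "alice": Account(groups={"marketing-db-rw"}, sessions=2),
            "bob": Account(groups={"marketing-db-rw"}),
            "svc-legacy": Account(groups={"marketing-db-rw"}),
        }),
        System("vcs", {
            "alice": Account(groups={"repo-write"}, sessions=1),
            "bob": Account(groups={"repo-write"}),  # leftover from his old role
            "carol": Account(groups={"repo-write"}),
        }),
    ]
    return hr, systems


if __name__ == "__main__":
    hr, systems = build_sample()
    result = deprovision(hr, systems)
    print("\n".join(result["actions"]))
    print("orphans needing review:", result["orphans"])
```

Two design choices matter in practice. The run is a reconciliation, not a one-off message: it compares what each system holds against the roster, so it catches an account that a previous run missed and is safe to schedule repeatedly. And it disables rather than deletes, which cuts access immediately while leaving the data in place for the backup step that offboarding checklists call for.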
Deprovisioning best practices
Here are seven best practices to follow for deprovisioning.
Apply the principle of least privilege
The Principle of Least Privilege (PoLP) is a cybersecurity concept in which users are granted only the access rights necessary to perform their job functions. For deprovisioning, it means that when a role changes, entitlements the new role does not require are removed rather than allowed to accumulate. Limiting access in this way reduces the risk of insider threats, protects sensitive data and minimises the potential for lateral movement if an account is compromised.
Use an IAM solution
Adopting an IAM solution streamlines deprovisioning because it automates the restriction or removal of user access across every connected system from one place. Maintaining user accounts individually by hand is time-consuming and prone to human error, and each missed account is a potential security breach. An automated solution minimises those errors and strengthens overall security.
Adopt a zero-trust model
A zero-trust model treats no user, device or network location as trusted by default: every access request is authenticated and authorised against the current state of the identity, not a one-time login or the network the request comes from. Because access decisions are re-evaluated continuously, disabling an identity takes effect at the next check instead of lingering until a VPN session or cached credential expires. The same continuous verification gives administrators visibility into which users and systems are accessing what across the environment, so unusual activity can be identified and dealt with more effectively.
Strengthen authentication methods
Authentication is the process by which a user, application or system proves its identity before gaining access to any of the organisation’s resources. Routing every system through centrally managed authentication (single sign-on backed by multi-factor authentication) means that disabling the central identity ends access everywhere at once, and the central authentication log gives one place to monitor who is accessing what, helping to mitigate insider threats. Credentials that bypass central authentication, such as local passwords, long-lived API keys or SSH keys, survive account disablement and must be revoked separately as part of deprovisioning.
Have an exit checklist
An exit checklist is a detailed list of tasks used to guide the offboarding process when an employee leaves an organisation. It covers every action the organisation must take so that the exit is orderly and no critical step is overlooked. Checklists differ by organisation, but they typically include revoking access to systems (including shared credentials, physical access and any keys or tokens issued to the employee), collecting company devices, facilitating knowledge transfer and backing up data.
Monitor compliance
Monitoring compliance means verifying that the organisation meets its legal and regulatory obligations while identifying and addressing compliance risks before they become violations. For deprovisioning, that means confirming that actions such as revoking system access and securing company data were actually carried out, and keeping a record of who removed what and when. Close monitoring of this kind reduces the risk of unauthorised access, data breaches and violations of regulations such as the Health Insurance Portability and Accountability Act (HIPAA) or the General Data Protection Regulation (GDPR), both of which expect access to protected data to be limited to people who currently need it.
Perform backups
Back up an employee’s critical data, such as their mailbox and the files and shared resources they own, before revoking their access. This precaution protects the organisation from data loss during offboarding and ensures that critical information is preserved when an employee leaves. Disabling the account rather than deleting it outright cuts off access immediately while keeping the data available until the backup is complete.