It’s a good thing I’m not bitter: how easy it’d be to wreak havoc on my previous employer
Authored by Anonymous SailPoint Employee
Before joining SailPoint, I worked at a B2B company for just over a decade. I loved my time there, and I still have nothing but the fondest of feelings for the organization, the people I worked with, and the work we did together there.
And, let me tell you, it’s a good thing that I don’t have an iota of bitterness or negative feelings towards my former employer because it’d be quite easy for me to disrupt their business. Even though I left the organization over a year ago, today I could still:
- Log into the “Admin View” of their LinkedIn page that I still have access to and remove the 12,000+ followers of the company. That’s 12,000+ clients, prospects, and partners that they have taken years to accumulate – wiped clean with a few clicks.
- Log into the customer dashboard and lift credit card numbers. You weren’t supposed to store card numbers in the “notes” section, but that rule wasn’t enforced, so I’ll bet I could find a dozen with ease.
- Access the marketing automation platform and send an email to every single person in the organization’s database (150,000+ people) informing everyone that they’ll get the popular $1,750 product for “the low, low price of $500” if they click and pay via a “special” link.
You get the picture. Now, I would never do any of the above. The point is that I COULD. Like I said, I’m not bitter. But what if I were? Or imagine an even scarier scenario: what if I were one of the many contractors who came and went with the exact access that I had, but without a decade’s worth of warm and fuzzy feelings?
Identity lifecycle management, including removing the access permissions an identity holds when they leave your organization, isn’t just a vital practice for employees. In fact, I’d argue, it’s even MORE important that the access of a contractor, partner, affiliate, volunteer, student, consultant, or ‘insert your non-employee worker type here’ is removed the millisecond that access is no longer needed.
Otherwise, you’re at the mercy of someone who may be bitter. Or opportunistic. Or desperate.
Are you willing to leave your company’s financial future (and reputation) at the mercy of a contractor that worked for your organization for three weeks? Or a former affiliate who left your organization for greener pastures, but it didn’t turn out as he expected? This may sound like hyperbole, but I assure you it’s not.
It reminds me of a question that I’ve heard asked several times here at SailPoint: “How many unknown identities does it take inside one of your systems to be a risk?” The reality is it only takes one unknown identity to bring your company down, to lock up your servers, to vanish your funds, to bleed terabytes of data out of your organization. Just one.
There’s a lot at stake, and most organizations have a sizable identity gap with their non-employee lifecycle management. According to a recent report, 98% of organizations worldwide have a relationship with at least one third-party vendor that has been breached in the last two years.
SailPoint’s Non-Employee Risk Management solution provides better transparency into the dynamic relationships that organizations have with each non-employee. Increase your organization’s operational efficiency while managing non-employees in an easy-to-use application that helps facilitate commercial initiatives, supports regulatory compliance, and reduces third-party risk.
By leveraging Non-Employee Risk Management with SailPoint’s Identity Security Cloud, organizations can ensure that applications and data are secure by granting access to only the right identities at the right time, no matter if they are employees or non-employees.