It isn’t uncommon for us to talk to prospects who see the value of our software, but have to sell it up to their management. Often these IT professionals see the value of automating user provisioning and de-provisioning because it saves them time and because it makes their job easier to have quality and up to date information in Active Directory. But that doesn’t always sell.
So I have started to try to paint a picture. A picture of your worst employee ever. Someone who you would not want to have access to your corporate data or systems for one second longer.
Now, imagine that your worst employee gets terminated. Yea!
But wait, we know that on average it takes 9 days for a user to be de-provisioned. What kind of damage could they do in that timeframe?
We also know that in most organizations 5% of the users in Active Directory are no longer employed there. What if your worst employee is one of them? What might they still be able to access?
Even if they are gone from Active Directory and it happens the same day that they are terminated, the average employee is provisioned into 16 directories but only de-provisioned from 9. Does wondering about those other 7 keep you up at night?
Don’t think this is possible? A recent Harris study revealed that 10% of IT professionals admitted that they still had access to systems at previous places of employment. If access for privileged users isn’t being shut down, what can that guy who got fired from accounting still get to?
If any of that concerns you (or your management), then you should be automating your processes.
Getting a user de-provisioned quickly, entirely, and without involving multiple human touch points closes security threats.
And now you can sleep easier knowing that the worst employee ever is truly gone from your work life. And Active Directory.