Employee access stages
Often, access management can be divided into three stages: on-boarding, employment, and off-boarding.
On-boarding: In the on-boarding stage, new employees are provided with the initial digital resources they need to do the jobs for which they are first hired, but at many companies, it is not unusual for new employees to wait days, week, or even months for some services. These delays have a variety of adverse consequences, including low productivity, costs, and the encroachment of shadow IT.
Slow initial provisioning can be even more problematic for companies that need to be able to bring on temporary and/or seasonal employees quickly to deal with spikes in demand.
Employment: Once employees are on-boarded, things can get even more complicated. People get promoted, transferred, and reorganized, requiring changes in access requirements. The consequences of any latency between job change and resource provisioning can be similar: lost productivity, lower employee engagement, impaired business agility, and the security/compliance exposures that result from ad hoc employee work-arounds.
As with on-boarding, many aspects of job change can be addressed by having HR events trigger appropriate changes to the digital workspace—with check-box approvals by human managers as a safeguard. But because changes in job responsibilities among the active workforce are not always as cut and dried as those of a brand-new hire, more self-service means of desktop resource activation are also important.
Off-boarding: While often-neglected, off-boarding is extremely important. Any failure to remove user accounts as soon as employees are terminated or change positions can result in significant security and compliance exposures.
Unfortunately, it is not unusual for organizations to have user accounts lingering long after that user has left the company, leaving organizations vulnerable to malicious activity from disgruntled ex-employees or from cyber-criminals. In addition, such accounts can be deemed a regulatory violation by IT auditors.
Access management can serve as a central point of administration for all digital services, allowing elimination of all user privileges completely and immediately.