Active Identity of Departed Employee

Risk Category

Lifecycle Management

Risk Description

Learn how former employees' non-human identities (NHIs) can create high security risks and how to remove their access with smart lifecycle management.

Why It’s a Risk

If a departed employee's identities are not revoked immediately, malicious actors can exploit them to gain unauthorized access to systems. Former employees with lingering access could intentionally or unintentionally expose data or compromise system integrity, causing severe financial, operational, and reputational damage.

Likelihood of Occurrence

HIGH

High, especially if offboarding processes are not automated or routinely audited.

Impact Level

HIGH

High, as it can lead to unauthorized access, data breaches, and potential insider threats.

Mitigation Strategy

Implement continuous NHI monitoring and lifecycle management so that credentials are deactivated immediately after employee offboarding. Regular audits and an enforced Zero Trust model, under which every access request is validated, prevent unauthorized access by former employees.
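
One way to run the audit described above, as an added example rather than Clutch's own code: it joins an HRIS export with an NHI inventory and flags enabled identities whose owner has left, ranking those used after the departure date first. The record fields, finding labels and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed sample data: HRIS export (field names are assumptions).
HRIS = [
    {"email": "dana@example.com", "status": "terminated", "end": "2024-03-01T00:00:00+00:00"},
    {"email": "lee@example.com", "status": "active", "end": None},
]
# Constructed sample data: NHI inventory gathered from cloud, vault and source manager.
NHIS = [
    {"id": "aws-key-1", "owner": "Dana@example.com", "enabled": True,
     "last_used": "2024-03-09T10:15:00+00:00"},
    {"id": "gh-pat-7", "owner": "dana@example.com", "enabled": True,
     "last_used": "2024-02-20T08:00:00+00:00"},
    {"id": "svc-ci", "owner": "dana@example.com", "enabled": False,
     "last_used": "2024-02-28T12:00:00+00:00"},
    {"id": "vault-tok-3", "owner": "lee@example.com", "enabled": True,
     "last_used": "2024-03-10T09:00:00+00:00"},
    {"id": "legacy-bot", "owner": None, "enabled": True, "last_used": None},
]
# Most urgent finding first.
SEVERITY = {"USED_AFTER_DEPARTURE": 0, "ACTIVE_AFTER_DEPARTURE": 1, "NO_KNOWN_OWNER": 2}


def parse_ts(ts):
    """Parse an ISO 8601 timestamp; None stays None (never used / still employed)."""
    return datetime.fromisoformat(ts) if ts else None


def audit(hris, nhis):
    """Return (nhi_id, finding) pairs for enabled NHIs that should be reviewed."""
    departed = {p["email"].lower(): parse_ts(p["end"])
                for p in hris if p["status"] == "terminated"}
    known = {p["email"].lower() for p in hris}
    findings = []
    for nhi in nhis:
        if not nhi["enabled"]:
            continue  # already deactivated, nothing to revoke
        owner = (nhi["owner"] or "").lower()
        if owner in departed:
            used = parse_ts(nhi["last_used"])
            used_after = used is not None and used > departed[owner]
            findings.append((nhi["id"], "USED_AFTER_DEPARTURE" if used_after
                             else "ACTIVE_AFTER_DEPARTURE"))
        elif owner not in known:
            # Unowned identities cannot be tied to an offboarding event at all.
            findings.append((nhi["id"], "NO_KNOWN_OWNER"))
    return sorted(findings, key=lambda f: (SEVERITY[f[1]], f[0]))


if __name__ == "__main__":
    for nhi_id, finding in audit(HRIS, NHIS):
        print(f"{finding:24} {nhi_id}")
```
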

Playbooks in Clutch

110

Applies for:

  • Cloud Service Provider

    AWS, Azure, GCP
  • Vault

    AWS Secrets Manager, GCP Secret Manager, Hashicorp Vault
  • Source Manager

    Bitbucket, Github, Gitlab
  • CI/CD

    CircleCI, Github Actions, Jenkins, Teamcity
  • Password Manager

    1Password, Lastpass
  • EDR

    Crowdstrike, SentinelOne, Microsoft Defender
  • Data

    AWS RedShift, Mongo DB Atlas, MySQL, PostgreSQL, Snowflake
  • Network

    Akamai, Cloudflare
  • PaaS

    AKS, EKS, GKE, K8S
  • Collaboration

    Atlassian Confluence, Notion
  • Project Management

    Atlassian Jira
  • Log Analytics

    Datadog, Elastic, Splunk
  • IDP

    Google Workspace, JumpCloud, Microsoft Entra ID, Okta
  • CRM

    Hubspot, Salesforce
  • MDM

    Intune, Jamf
  • IM

    Microsoft Teams, Snowflake
  • Ticketing

    ServiceNow, Zendesk
  • Automation

    Tines, Torq
  • HRIS

    Bamboo HR, HiBob
  • SIEM

    Exabeam (LogRhythm), Sumo Logic