I recently noticed that when employees change departments, they often retain access to systems they shouldn't be using anymore. For instance, a guy transferred from sales to engineering six months ago and still has access to Salesforce and commission systems, even though he hasn't interacted with those since March. This situation commonly occurs, leading to an accumulation of unnecessary access rights. While HR keeps us informed about new hires and terminations, they don't communicate internal transfers effectively. Management only approves access for the new role without checking what the employee may still have from their previous position. After running an audit last month, I found several individuals with permissions linked to multiple jobs. Some even had admin access to systems for divisions we sold off two years ago. It seems that without a process to address these internal moves, access just piles up. What strategies do people use to avoid manually checking every department transfer?
6 Answers
In my experience, disorganization in access management is common. Achieving balance requires strong communication between teams and a solid process in place. The 'M' in Joiners, Movers, Leavers often gets overlooked and that is usually where the chaos begins. Sometimes businesses even want users to maintain access temporarily so they can train someone or because of overlapping responsibilities.
Exactly! It’s easy for companies to forget that efficient role management is crucial during transitions.
If only you could overlook this issue in a more regulated setup. Having mandatory access roster reviews would help ensure everyone’s permissions are current and relevant.
Sounds like you’ve already pinpointed the issue. First, you should examine the processes surrounding employee transfers. Then, look into tools that could automate the updates to access rights in line with those processes.
In our setup, we link job titles to role groups that automatically adjust permissions when someone transfers. This system revokes old permissions and assigns new ones seamlessly. It took us a while to refine the process, but it works efficiently now—new positions reflect the correct permissions automatically, minimizing risks.
That’s a smart way to handle things! We consider temporary access for transitions as well, but it's trickier with overlapping roles.
This method sounds solid—especially how it automatically creates tickets for reviews when roles shift.
Our HR system notifies us when job changes occur, which prompts an access change ticket that removes previous permissions automatically. To keep track, we document these changes through our infrastructure. It reduces confusion, but it’s still a challenge if HR doesn’t inform IT of the transfers promptly.
Exactly! Timely communication is essential. If that step falters, it can lead to big headaches for the IT team.
True! If the systems aren't communicating, it's tough for IT to keep access in check.
We took a different approach by analyzing access risks, especially since we had ISO 27001 compliance to consider. I worked with HR to create a process that automated notifications for managers when an employee’s role changes. This method allotted managers the chance to confirm or reject lingering access. It tied their responsibilities directly to performance reviews, which definitely added a layer of accountability.
That’s genius! Making it part of their performance review is a strong motivator.
HR and IT collaboration is key. Keeping both teams in good standing makes handling these issues much smoother!
Yeah, I've seen that too! It's like managers expect someone to handle two roles without thinking about the access implications.