Identity Governance Blog

How Turbulent Economic Conditions Underscore the Need for Identity Lifecycle Management

By Andrew Silberman, Product Marketing Director at Omada

June 23, 2022

Many economists and financial talking heads have been warning of an impending economic slowdown, or even a recession in the coming months as the United States Federal Reserve is faced with the seeming inevitability of raising interest rates to combat inflation. After a long period of massive corporate profits and soaring growth due to historically low interest rates stemming from the COVID-19 pandemic, the public and private markets are responding by tightening their belts as money becomes more expensive to borrow.

As economic conditions change with the wind, there are a variety of fallout effects that can happen. These types of events all have real ramifications that necessitate strong identity lifecycle management. Here are four actions that businesses may take when faced with changing economic tides that are represented in both good times and bad, that underscore the need for comprehensive identity lifecycle management.

 

1. Corporate Layoffs. First, the bad news. During downswings in the economic climate, layoffs are an unfortunate action that some companies feel is necessary. Within the context of identity management, as layoffs happen, organizations need to move quickly to deprovision access for anyone leaving the organization.

For one, some employees or contractors may feel slighted to be shown the door, and the angst of waking up one day without a job can, in some cases, make people act vengefully. For those with sensitive access, this could lead to stolen files, intellectual property, sensitive data, or company secrets that malicious actors take off their computers as they are on their way out.

On another, less malicious, but still dangerous note, as people are let go if their access remains active, this can serve as easy targets for attackers to breach the network and masquerade as a trusted insider. Unowned, or orphaned accounts are less likely to be monitored and can be challenging for organizations to manually assign ownership of. Identity lifecycle management helps to automatically deprovision access as soon as an identity is no longer part of the organization and helps to assign now-unowned accounts elsewhere.

 

2. Rapid Growth. On the flip side, in rosier economic times, companies will hire lots of new people to help spur future growth and initiatives. With an influx of new people joining the company in a variety of job functions and roles, making sure that these people are provisioned with the right access to ensure productivity is essential.

As people join the organization, there are a variety of access rights and entitlements that they will require to do their jobs. To help support, building out strong role and policy models can result in time saved for administrators who can easily spend huge amounts of their time assigning basic rights like email, 401k plan information, and more. Further, without these basic entitlements, new workers can be left sitting at a blank screen, unable to participate in their job functions until their access is approved.

Additionally, managing those identities to make sure they have access relative to their job, function, department, projects, duration of employment (if a 3rd party contractor), or otherwise can be huge in terms of optimizing productivity for the workforce; particularly when people are joining en masse.

 

3. Hiring Freezes. Another potential downside of broader economic stagnation is companies freezing or slowing hiring practices. This trend inherently does not add new identities to the mix, or remove existing ones, but instead may cause existing workers to take on new jobs, wear multiple hats, or move departments to cover for others.

Much has been documented about the cybersecurity skills shortage, with more than 2.72 million open cybersecurity positions still open organizations are forced to do more with less. This extends to all job functions now, as some organizations have put the breaks on ambitious hiring plans and are telling existing staff to buckle up and take on more responsibility. As such, provisioning additional access to people as they take on new projects, manage new data, or otherwise is an important component of identity lifecycle management to maintain business operations.

On the other side of the coin is to make sure that as people take on new or different projects, the old access that they might not need anymore is removed. This function of identity lifecycle management helps to prevent entitlements creep, which can result in blind spots and other soft targets for attackers to exploit.

 

4. Mergers and Acquisitions. The world of M&A is always exciting, with new combinations of companies presenting customers with deeper and expansive capabilities, one of the biggest recent examples being Broadcom acquiring VMware for $61 billion. These types of deals are done in all types of economic climates, but what is consistent is the need to manage all the new identities that are absorbed in a merger or acquisition.

Even putting aside the need to manage the swaths of new data, applications, and infrastructure that come with an acquisition, having tools in place to accommodate the influx of people joining the organization, seemingly overnight can be daunting for teams. Identity lifecycle management can make sure that these people are assigned like-for-like access that is secure but not at the expense of productivity.

 

Handling the entirety of each identity’s lifecycle without automated processes does not have to be time-consuming, costly, or error-prone. As part of Omada IdentityPROCESS+, there are several key components to Identity Lifecycle Management that are critical to follow best practices to ensure business efficiency is optimized, security is tight, and compliance is met.

Let's Get
Started

Let us show you how Omada can enable your business.