While some of the costs of employee layoffs are well known, a new survey shows that many businesses encounter unexpected costs and risks when they take place. According to the survey by Oomnitza and YouGov, enterprises lost ten percent of their technology assets during offboarding. In addition, 42 percent experienced unauthorized access to SaaS applications and cloud resources due to incomplete deprovisioning. Worse, 48 percent of respondents reported that their tools and processes for offboarding employees weren’t properly automated.
The losses due to offboarding went beyond the costs of technology that wasn’t properly recovered. Organizations lost additional staff due to increased turnover as employees lost confidence in the company and as employees with needed skills were lost through poor planning.
The survey noted that these problems weren’t evenly distributed. Large enterprises were better equipped to handle layoffs, and had systems in place to data systems and enterprise assets were properly deprovisioned. Smaller enterprises, on the other hand suffered disproportionate losses.
Omnitza, one of the sponsors of the survey, is a provider of automation software designed to handle tasks such as deprovisioning. The company reports that the lack of adequate systems to handle layoffs was a significant factor in these problems. The reason for the problems, according to the company, is because reducing staff in a highly technological environment is far more complex than it was in years past.
“The increased risks are due to the influx of the technology,” explained Arthur Lozinski, CEO and cofounder of Omnitza. “Because there’s so many various technologies. There’s, of course, the obvious ones, which are the end user computing endpoints. There’s the applications that are installed on those endpoints, there’s the SAS applications that are accessed. There’s the infrastructure component, AWS production servers or development servers. Of course, there can be multiple of these cloud infrastructures. There’s also the on premise infrastructure, which can be accessed via VPN, SSH, and a number of different ways.”
Lozinski said that adding to the complexity, all of these actions are frequently siloed, so that there’s no single view of what’s being done. He said that most enterprises use their IT Service Management (ITSM) systems to handle deprovisioning, those depend on creating work tickets for each stage of the process.
“That’s a lot of tickets,” he said. “And so what ends up happening is that those tickets get missed. And because it’s the human errors just multiplied by the multitude of tickets, you just can’t hire enough people to manage all these tickets. So things get lost, and production data is accessed.”
How Bad is It?
How bad is this problem? “Let me give you a concrete example,” Lozinski said, “to off board an employee, it can take 145 tickets, maybe more, depending on their role, if they’re an engineer, if they have access to certain systems. If they are in in a certain type of role, maybe they’re a certain level of, of knowledge, it can take a lot of tickets, and it can take up to 30 days to get everything removed.” During that 30 day period, your systems are vulnerable.
“When you automate it, you’re talking about 1.2 seconds to get all of that information removed,” Lozinski said. “And the security concerns, the compliance concerns, the audit readiness concerns, the financial concerns are alleviated and put into the hands of the enterprise technology management tools.”
While deprovisioning your systems when one employee leaves can be a chore, when you lay off ten or fifteen thousand employees, management of the process becomes impossible without the right systems in place.
Lozinski advocates for designing your technology management systems with this possibility in mind. This may mean incorporating cloud-based technology management from the beginning, knowing that you’re probably going to need it someday.
The critical step, he says, is planning from the beginning to carry out these functions, because it might be impossible after the fact.