Reducing Risk in the Joiner-Mover-Leaver Identity Process Landscape

Hiring new employees and awarding promotions from within can be promising for company growth — but challenging for IT teams. The job market is hot, filled with millions of openings and new hires. For the HR and IT departments, it leads to the Joiner-Mover-Leaver (JML) identity process landscape and creates some challenges.

A joiner is a new user that has been granted access to company data, typically someone who is hired by a company for the first time. A mover has changed their access, say in a promotion (which requires heightened permissions to systems and data) or a shift to a new department (requiring old permissions to be removed and new ones to be granted for separate systems and data). And, as the name suggests, a leaver has left the company and their access should be revoked.

According to Verizon’s 2022 Data Breach Investigations Report, 82% of all breaches involved the human element: Whether that’s phishing or using stolen credentials, hackers are finding ways to capitalize on human error. With employees constantly coming and going in the JML landscape, it’s difficult to stay on top of all those accounts and keep them secure, opening up the floodgates to malicious actors. 

Bravura Security can help make it simple and easy for your IT team to mitigate risk and solve potential problems. The Bravura Security Fabric offers a number of products to manage identities and credentials across platforms to increase security and satisfaction. It is the only single-platform solution that combines identity management, privileged access, and password management. Strengthening your security controls with Bravura Security improves IT service and lowers overall cost.

Let’s take a look at the vulnerabilities presented by users joining, moving within, and leaving companies, and how Bravura Security can help reduce security risks at every step.

Joiner

With any new hire, you want to ensure they have easy access to company platforms during the onboarding process. But without strong authentication, it broadens your attack surface. 

An Arkose Labs study found an 85% increase in login and registration attacks in 2021. Worse, a BigID study reported that just 7% of organizations strongly agreed they can enforce data protection policies effectively. These are huge vulnerabilities in credential security because strong authentication is too often an afterthought.

By having each new hire register with Bravura OneAuth, you’re implementing passwordless authentication. The user never has to know or remember a password!

The new user could register for other business applications with Bravura Safe to simplify password storage, auto-generate stronger ones, and encrypt important files in a high-security database. You can also have them register with Bravura Pass to set up their new random directory password and store it in Bravura Safe. 

This host of tools will help your company increase its security posture when onboarding a new hire without the typical security friction. 

Mover

Research shows hiring from within is great for your company. Seventy-one percent of people surveyed by Joblist believed hiring from within is better for scaling a business and 56% said it improves morale. 

However, moving users within a company and updating their access can be one of the more tedious and time consuming processes for both IT and the business to get right. The need to add new access which is potentially dependent on authorizers unfamiliar with the promoted user in parallel to revoking access associated with the users legacy role, can create a log jam of manual requests/approvals that are difficult to track & fulfill.   In the absence of mature processes and centralized identity security tooling companies typically revert to two scenarios to resolve this challenge: give the user access to everything and fix it later, or give the user whatever additional rights a similar user has. In the rush to get the employee up and running in their new role, security is all but forgotten because the step of fixing it later almost never happens. 

Bravura Identity can ensure that movers are processed efficiently through the power of automation; new line managers are invited to provide timely authorization while old managers are invited to revoke and certify legacy access. Good governance is maintained and the user is moved with little impact to productivity & efficiency.

While it can be difficult to determine what level of corporate access a mover needs to do their new job, the problem is exacerbated when it comes to integrating the moved user into new business teams & projects. Often time’s business teams or project teams collaborate within third party tools, sites & applications outside the reach of Corporate IT. Enabling access to these environments comes down to sharing credentials with colleagues in order to get work done. Bravura Safe solves this problem through a team-based model for sharing access. Team leaders decide who to invite and how to authorize requests. Corporate IT reduces risks through sharing policy that isappropriate to that team and the role it fits within your company.

Leaver

When an employee leaves the company, IT may think it has an easy solution on its hands: “I’ll just disable the user’s main account. Then we’re good!” 

But that’s not necessarily the case, especially if your business and devices aren’t under centralized IT control. Former users could still obtain sensitive information if your company doesn’t take steps to revoke their access from every angle. Several Bravura Security products can successfully disable that in four easy steps. 

First, block the former user through Bravura OneAuth and Bravura Pass. Then, disable their accounts integrated through Bravura Identity. It detects changes in hiring records and automatically does the work of removing access. Make sure there’s nothing even temporarily accessible to them by revoking access in Bravura Privilege. Lastly, transfer all their important information stored in Bravura Safe to a trusted team leader. By revoking access from all possible angles, you’re ensuring critical information stays within your company instead of trying to do damage control when it’s too late. 

The JML landscape will always present challenges at every stage. Companies experiencing a wave of new hires, promotions, or two-week notices need to ensure a plan is in place to keep data secure. 

Bravura Security’s wide range of products guarantees company security, so you don’t have to. To learn more about Bravura Security’s products and determine which ones you need for your business, take a look at our product brochure.