Network World’s Mark Gibbs has posted a great article about how to exorcise the “ghosts” of past employees that haunt your systems.

Employees, whether they work for you for a short or long period of time, leave a trail of digital information behind. Emails on your mail servers, files, information on desktops, laptops and perhaps even smartphones, customized application settings, contributions to shared spaces like blogs, and much more.

When an employee leaves a company, most (sadly, not all) companies will think to restrict their user access. To delete mail accounts, remove FTP access, restrict privileges and so on. But, what do you do with the rest? And are there issues surrounding any of that clean up (well, of course, there always are!).

“Remove their files without understanding how their work related to the bigger business picture and, for example, the design and supportability of an entire product line could be compromised. Dump their e-mail messages and your ability to be in legal compliance could be lost. There are hundreds of potential consequences to removing their data and it adds up to what we in the pundit business call “a crap shoot.”"

The solution is not just to restrict access privileges, as that doesn’t tell you what the data is used for. Or if any ex-employees have left any surprises behind. The solution that Mark Gibbs poses is not an easy one, but it’s one that improves data security overall. The solution is to rethink data handling architecture - a centralized ID system that defines roles and access from the start. This way you can spot issues, as well as manage exit cleanup.

“This is a combination of identity management and strategic, top-down planning that displaces the old “strong passwords are good enough” approach because they aren’t.”

Of a related note, make sure you read our recent post: Passwords are Not Enough. Absolute Software can also help with some user issues, including software inventory management - knowing what’s installed, tracking machines as they change hands, sending alerts if users operate outside policies, & monitoring data changes.

Also of note, Lanxoma is conducting a survey about insider threats and how companies are tackling that issue. Since that’s something we talk about often on the Absolute blog, perhaps you’d like to take the survey here. Looking forward to seeing the results!

Clipart via Microsoft / Presentation Pro