Today’s employers increasingly use SaaS onboarding checklists to reduce ramp time and ensure new hires can access the tools they need. Yet, SaaS offboarding frequently falls through the cracks.
The need for a dedicated SaaS offboarding strategy becomes more critical by the day as the Great Reshuffle intensifies. Consider how in January 2022 alone, 4.3 million people quit their jobs, compared to 3.3 million in January 2021.
“In today’s cybersecurity landscape, even small amounts of company data are valuable on the dark web, which is a hacker’s big data solution to cause ill intent to your company, employees, or customers,” says Daven Combs, Director of Security at Zylo. “Leaving even a single application or system access uncovered by your offboarding process could perpetually funnel even more data to these spaces.”
Read on to learn more about the risks organizations face by ignoring SaaS offboarding and gain key tips to establish a SaaS offboarding checklist.
What are the Risks of Improper SaaS Offboarding?
Without a documented offboarding plan in place, your organization faces a wide range of risks, including:
Compliance violations: Former employees who can still access sensitive data put organizations at serious risk of Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR) violations. In 2018, Anthem Inc. faced more than $16 million in penalties — as well as a $115 million class-action lawsuit — due to a significant (and largest-ever) HIPAA breach.
Loss of data: Failing to properly offboard SaaS can lead to significant loss of intellectual property, such as source code or trade secrets. Even worse, an employee who leaves on bad terms could intentionally delete critical data or share it with a competitor.
Confidentiality breaches: Whether intentionally or unintentionally, proprietary and confidential company information can make its way into the hands of your competitors. And if a former employee suffers a compromise of their accounts, you likely won’t know or be able to respond to the situation.
Data breaches: U.S. data breach costs rose to a painful $9.44 million. It’s also notable how companies paid higher fines when remote work contributed to the breach.
Wasted IT spend: Without a SaaS offboarding plan in place, you not only risk paying for an unused tool, it also prevents other employees from taking advantage of the license. Zylo’s 2023 SaaS Management Index report found that 44% of licenses go unused or underutilized in a given month. And while it’s likely among active employees, surely some of the licenses may be from those who no longer work for the organization.
Prolonged response time: Finding an ex-employee’s access still enabled will limit the ability to respond with the appropriate expediency your company, employees, and customers expect. The extra amount of time spent investigating and responding to the threat can amplify the risk.
Tarnished reputation: Any of the risks above can devastate your reputation and permanently affect how people view and trust the organization.
5 Tips for Creating an Offboarding Checklist
1. Establish separate procedures for voluntary and involuntary terminations
The experience will be significantly different when an employee leaves on good terms versus a sudden, unplanned termination. You need to prepare for both scenarios.
“When an employee leaves voluntarily, I like to send them a message to congratulate them on their new job, confirm their time zone, and when they’re going to be done for the day. This helps iron out any confusion,” says Sara Zerkel, IT Analyst at Zylo. “I also give them instructions on what they need to do with their computer and how to disconnect their passwords.”
For an unplanned separation, the employee will likely already have left the organization, so you’ll want to immediately work with the employee’s manager to take control of any software and equipment.
2. Deprovision the employee’s apps and services
Removing access to critical infrastructure proves key to a successful SaaS offboarding strategy. Make sure it happens early in the process.
“We always lock the user’s computer and deactivate IdP, which is like a one-click solution to deactivate all SAML-authenticated apps at once,” Zerkel says. “We also transfer the user’s drive to their manager to ensure nothing gets lost.”
3. Update shared passwords and logins
It’s common for several members of your team to use shared passwords. Even after removing access to specific tools, an ex-employee may be able to access sensitive data if you don’t change existing passwords.
4. Redeploy licenses to other teammates
Use the opportunity to transfer the software license to a different employee or offer it to the new hire who replaces the former employee. Even better, query your SaaS Management platform to determine if any employees requested access for the specific application.
5. Reassess the offboarding plan
Gather key stakeholders and routinely reflect on your SaaS offboarding checklist to determine what works and what doesn’t. Has the organization suffered any serious risks? How did you respond and what was the outcome? Make sure to update your checklist based on the outcomes of these conversations.
“With a strong offboarding process and checklist, you have the evidence needed to rule out a difficult — and possibly embarrassing situation — involving an ex-employee,” Combs says. “At the very least, SaaS offboarding adds another layer to your company’s defense to protect the confidentiality, integrity, and availability of your most-valued assets.”
Dive deeper into SaaS Management: Reduce ramp time for new hires with Zylo’s SaaS Onboarding Checklist.