Basically, there are two ways to do that revocation. The first is via brute force: going into every system and...
removing the access rights of employees who are no longer with the company. The other -- and better -- way to solve the problem is via a provisioning environment that will let you remove access cleanly and completely. By automating provisioning, you not only gain leverage in bringing new users on board, but by scripting the removal of all user accounts and access rights you also make sure that there are no loose ends remaining when the employees of the divested company are moved to new systems.
There's also the risk of data leakage in a divestiture. In many cases, information leakage is more accidental than malicious. Nonetheless, always make sure critical intellectual property does not go with employees to their new shop -- unless it's part of the deal anyway. It's not clear that software would effectively solve the problem, so you need to make sure there is a process in place to identify and protect data that should not be leaving your environment.
At a high level, the data protection process involves first understanding what data needs to be protected. I know it sounds simple, but a lot of organizations don't have a general understanding of what important data is. Then it's a matter of figuring out how that data should be protected. If software isn't going to work (especially in a divestiture situation), it comes down to training users and reinforcing what the corporation's data leakage policies are.
Finally an organization may want to look at a service that tracks how data appears on the Internet. Companies like Cyveillance Inc. can look for certain types of data and pinpoint potential data leakage and data misuse.
For more information:
Dig Deeper on Data security and privacy
Related Q&A from Mike Rothman
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them ... Continue Reading
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP ... Continue Reading