What is deprovisioning?
Deprovisioning is the part of the employee lifecycle in which access rights to software and network services are taken away.
Deprovisioning typically occurs when an employee leaves a company or changes roles within an organization. It is the opposite of provisioning, the part of the employee lifecycle in which employees are provided access rights to software and IT services. Provisioning occurs as part of the onboarding process. Deprovisioning occurs during the offboarding process.
During offboarding, deprovisioning removes individual accounts on file servers, single machines and authentication servers, such as Microsoft Active Directory.
Why is deprovisioning important?
In addition to preventing former employees from accessing corporate resources, deprovisioning also frees up disk space, ports, certificates and company-issued computers for future use.
Organizations should audit and keep track of information during the deprovisioning process, including information such as who authorized the deprovisioning, the date deprovisioning occurred and what actions were taken. For compliance reasons, some organizations save deprovisioned accounts for a short period of time in case they need to restore credentials, files or workflows during an audit.
Organizations need to properly conduct deprovisioning whenever an employee leaves or changes positions to ensure data remains safe. A Beyond Identity survey found that 56% of employees who retained digital access said they used it to harm their former employer.