Managing the Risks of Contract ​Employee Onboarding

As a growing company, you have part-time employees, seasonal interns, partners, and contractors who all require access to your corporate apps and data. With these users coming and going at different times, and potentially spread across different departments and geographies, it’s easy to lose track of permissions and whose access must be revoked once a contract has concluded.

It’s important for companies to be careful about the permissions they grant contractors. Anytime an individual is given access to company apps and data, they become an insider in the eyes of the company – it’s critical there is a repeatable, scalable process to effectively oversee this.

The look of today’s security perimeters

When we think about how we keep people “out” in the analog world, it’s easy to understand. With doors and locks, we keep the things that are valuable to us safe and secure.

The perimeter is much different in the digital world. Because of the advancements in technology, the pace at which users are moving to the cloud, and the nature of the online environment, that perimeter as we’ve known is getting blurrier. It’s becoming more difficult to keep a network firmly secure – especially when information and access is evolving as quickly as your business.

When it comes to managing a single user identity, locking up one door is not enough. As companies continue to expand and more users are being let in (particularly contractors), IT teams need to provide ease of access without compromising security.

There are no such things as “outsiders”

When a company frequently brings in contractors for short-term jobs, onboarding and offboarding is a never-ending process. No matter how long any user is with a company, once they are let in, they are no longer considered an “outsider.” Optiv’s executive advisory consultant Richard Bird put it best during one of our Oktane17 sessions: “The best hacker in the world is Bob in accounts payable.”

Think of this scenario: a contract employee comes into a company for a single job. During that period, they are given access to the company’s network, apps, and data. Once this person’s contract ends, if HR has not yet advised IT about the termination, he or she may still have access to sensitive data and the ability to cause damage to the company if inclined to do so. This undoubtedly harms your company’s productivity (depending on the action), but may also negatively impact your company’s reputation. It’s not just your confidential documents at stake.

Managing onboarding and offboarding successfully means knowing who is accessing what, and when, where, and how they access it. By answering these questions for every employee, companies can determine what kind of permissions any individual should have, and how to manage them for the duration of their employment.

After all, “identity is like open heart surgery for your organization; it touches everything,” said Colin Anderson (Levi Strauss & Co.’s global chief information security officer) at Oktane17. “It’s not one of those things to be messed with lightly. It requires a lot of work and requires a fair bit of time to get right.”

Use all the tools and techniques available to you

Minimizing these risks starts with carefully tracking and maintaining the relationship with each individual worker – from the moment they are successfully onboarded to when they eventually leave the company. The department that hires the contractor determines what access the worker should have. The more rigorous and well-defined this process is, the easier it becomes to automate the onboarding and offboarding process thereafter through documented roles and groups. Identity management systems like Okta help make this happen by automatically provisioning new employees through applications like Workday.

Although the idea of a clear, secure perimeter has dissolved, access management and authentication can still be well maintained in the cloud environment. Through various cloud identity solutions like multi-factor authentication, Universal Directory, and lifecycle management, it’s easier now to manage and protect each one of these identities from a single platform while still focusing on a streamlined end user experience.

Employee onboarding and offboarding can be a convoluted process for any company’s IT staff. See how Okta’s cloud identity management and API solutions can make that easier.