Provisioning should blend the duties of human resources (HR) and IT and security departments. When asked where access and provisioning sits, most organizations say with IT, and if you’re looking at provisioning strictly from a technical perspective, this makes sense. But to truly protect an organization from wayward data leakage, HR should also be involved in the process.
Here’s why. Temporary employees are a likely source of data leakage. When temporary employees start and leave a company, HR is usually among the first to know, and is almost certainly alerted before IT. So if the HR team is controlling provisioning, they can quickly – even preemptively – activate safeguards to ensure access is adequately adjusted.
Ideally, HR could do this without tinkering with complicated secure access or IT systems. This is crucial because the HR team’s expertise typically doesn’t include access control or identity management, so pushing them too far into the technical weeds could be inefficient and lead to additional support load. To make provisioning easy for HR, we suggest creating an enable/disable feature on IT identities that HR could simply switch on or off.
For organizations not yet equipped for this, another solution is to name a liaison between HR and IT. This person would sit in HR but be tech-savvy enough to work with IT, to ensure proper provisioning and access control takes place. Organizations that insist on having IT enable the provisioning process should at least give HR the authority to give IT direction on provisioning. There are some visionary organizations that have integrated HR into the provisioning process. But unfortunately, most organizations are stretched so thin that provisioning falls to the backburner. This shouldn’t be so. After all, proper provisioning can protect an organization’s security and thwart costly, and often embarrassing, data leakage and breach scenarios.