Today’s post kicks off a Q&A series with Joerg Hirschmann, CTO at NCP engineering GmbH. These questions and answers, which we will post over the next few weeks, are related to employee provisioning and VPNs.
Question: While user provisioning can enable efficient employee on-boarding, poor provisioning can result in expensive and irrevocable data leaks. How can enterprises make sure their provisioning is a benefit, not a detriment, to their overall security postures?
Joerg Hirschmann: VPN user provisioning should be automated as much as possible to rule out manual flaws, which are often caused by workload, unplanned absences, etc. However, if not designed properly, even the best automated processes can allow security leaks to disrupt the corporate networks.
Normally, the provisioning process does not originate from the IT department; rather, it is initiated by HR once the decision is made to sign on/off staff or to provide access for external partners (temporary or permanent). Processes will have to be defined accordingly so that these kinds of personnel decisions will find their way into relative data records, which are then processed by IT. Therefore, a remote access solution must provide relevant interfaces to get synchronized with the appropriate databases.
The more time this information needs to be delivered to the relevant system, the bigger the security risks are going to be. It goes without saying that the processes defined need to be thoroughly tested and approved.
Stay tuned for more on employee provisioning and VPNs this week. If you have any questions that you would like answered, send them to firstname.lastname@example.org.
Joerg Hirschmann is CTO at NCP Engineering GmbH.