IT Briefcase Exclusive Interview: Minimizing Risks Brought on by the Shadow Workforce

According to OneLogin’s Curse of the Ex-Employees report, 20 percent of organizations admit accounts belonging to former employees remain active for one month or more after an employee has left the company. Unknown to employers, these “ghost employees” are harboring company data for months or even years after leaving an organization. This has resulted in the growth of a “shadow workforce” – or an underground network of ex-employees with access to the company network. In this interview, we connected with Al Sargent, senior director at OneLogin, who shares how companies can minimize risks brought on by this shadow workforce.

• Q. What are the biggest risks brought on by the shadow workforce?

A. First, let’s define the shadow workforce. According to the US department of labor statistics, the shadow workforce encompasses, “a large mix of different arrangements: part-time employment, hiring through temporary-help employment agencies; working as a self-employed consultant; … and more.” It might also include people driving for Uber, or stylists working for Stitch Fix.

The biggest risk of the shadow workforce is that they’re not fully off-boarded from apps when they stop working for a company, enabling them to continue to access company data.

• Q. What steps do companies need to take to minimize these risks?

A. Companies need to manage shadow workforce identities in the same way they manage employee identities. Companies need to store shadow workforce identities in a human resources system of record, such as Workday, UltiPro, or Namely. Then, use those identities to automatically setup application access when onboarding, and revoke it when offboarding. This is how Stitch Fix reliably on- and offboards thousands of stylists who come and go with just a few IT administrators.

These former employees are using applications, accessing company documents, spying on former coworkers and vendors, and more, without many realizing this to be the case. With the shadow workforce only increasing, it’s crucial that employers take the steps above to minimize risks brought on by ex-employees.

Al Sargent, Senior Director, OneLogin

Al Sargent started coding at age 10, wrote his first computer game at 12, and by 13, got sent to the principal’s office for skipping class to code. Decades later, he’s now senior director at OneLogin. He loves the process of crafting stories about technology: understanding customers and users, what they care about, and how they use software in their jobs and lives. Prior to OneLogin, Al helped create the world’s first software-testing cloud, Sauce Labs; drive the fastest-growing business unit at VMware; advance market-changing open source technologies such as Spring and Cloud Foundry; and build a new software category — Software Analytics — at New Relic.