Employee ghosts haunt your systems

What do you do with an employee's leavings? You attempt to exorcise the spirits.

People come and go in your organization all the time. A select few stay for years while others pass through in just months or even weeks. But whether they are lifers or transients, they all leave a digital ghost behind when they exit -- a trail of their interactions with your network and systems.

You'll find their spoor everywhere -- e-mail on your mail servers, data on your file servers, and information on desktops, laptops and even smartphones. They will change settings on applications, contribute to wikis and blogs, file reports and create and edit spreadsheets, word-processing documents and presentations. That's where the ghosts come from.

So what do you do with their leavings? You attempt to exorcise the spirits. You probably delete their server and e-mail accounts, remove them from LDAP servers, delete their access to FTP servers, remove their access privileges and deal with the clots of data they left behind. If you're really thorough you might even go so far as to purge them from your backups.

But when you do any of these things there's a chain of potential problems because all of their ghostly trails don't exist in splendid isolation. Remove their files without understanding how their work related to the bigger business picture and, for example, the design and supportability of an entire product line could be compromised. Dump their e-mail messages and your ability to be in legal compliance could be lost. There are hundreds of potential consequences to removing their data and it adds up to what we in the pundit business call "a crap shoot."

"Ah," you might expostulate, (that's OK, we're all consenting adults around here), "I'll just remove access privileges for accounts and leave their data and e-mail where it is and keep an eye on whether it gets used." Nice try Sparky, but that's not going to work.

The reason for its guaranteed failure is simple: You almost certainly don't know what their data really means. You can't possibly know what the use cases are for every file on your system and whether the fact that it gets used is relevant to your business or a side effect of some other process.

And then there's the biggie: The assumption of employee loyalty. What if the original owner was disloyal and left a steaming great pile of bits lying around that will eventually emerge to ruin your day? How can you know?

So here's what you can do: Rethink your data handling architecture from the viewpoint of what users are allowed to do. As monumental as that sounds there really is no other choice.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments