Unlocking Success: Expert IAM Solutions and Insights from GCA

The Top 5 Reasons Why You May Have Dirty User Data

Written by Bob Giguere | December 13, 2024

The Dangers Of Dirty User Data In Your Organization

Every organization has dirty data somewhere. With the sheer number of identities your company has to manage, it’s easy for small errors to happen. Dirty data can really impact the effectiveness of your Identity & Access Management (IAM) or Data Access Governance tools.  Even a small error or omission in a digital identity can provision the wrong credential and possibly allow unintended access to a database or application. Consequences for dirty data range from causing inconvenience for your users and slowing the pace of the business, to jeopardizing your compliance with industry and federal regulations, to putting your organization’s data in peril and at risk for cyberattacks from phishing and other types of data breaches.

Top Five Contributing Factors To Dirty User Data

#1: Misspelled User Names

Peet instead of Pete. Llogan instead of Logan. Bungled last names. Simple enough, but even an extra vowel or transposed letters can wreak havoc with your provisioning or governance tools. With all of the new names, creative and uncommon spellings, and first and last names from numerous countries and cultures, it can be hard to identify errors in a sea of digital identities. You may only find out about misspellings when your end user complains about it! And of course, names are a moving target so even clean data can be challenged by name changes due to marriage and divorce. Updates and name changes are something that all organizations deal with.

It’s vital that all user names are correct to ensure data provisioning works as you intended.

#2: Incorrect User Location

If your provisioning tools rely on user location to provision local access to tools, an incorrect user location can mean the incorrect user may have access where they shouldn’t. For example[j2] , we have a client that has numerous hospitals and clinics throughout the U.S. They specifically provision user access to the enterprise and healthcare management applications based on both the site where the user will be working, as applications vary from region to region and even hospital to hospital. For example, a nurse working in X hospital may have access to an Epic application, while a nurse at another facility 25 miles away may have access to a Cerner application. Without the correct user access, that nurse will have difficulty caring for their patients and performing their job duties. Dirty location data can be very problematic.

#3: Inaccurate Reporting Structure

Making sure your reporting structure – who reports to whom – is one of the biggest issues we see with data. Not having the correct manager in your data is a major contributor to data uncleanliness. The manager is the often the lynch pin for provisioning, as it flows into group and department assignments.  If a user’s manager is incorrect in your data, it can cause numerous problems with getting the right credentials attached to the right user, or complicate your access review process.

#4: User Status

The dreaded user status. One of the tenets of clean data is to make sure user identities are added and activated in a timely manner when a user is added (such as a new employee or contractor) and deactivated when they are no longer with the organization. Terminated employees should be deactivated immediately upon termination to ensure that all access is sealed off to your valuable, confidential data. Deactivation is also vital for regulatory compliance.

#5: Incorrect Contact Information

From phone numbers to email addresses and beyond, contact information can easily be inaccurate. How easy is it to transpose a number or letter?! Or what if a user mistakenly is using their personal email address instead of their business email address for their credentials? These types of errors can cause you a lot of trouble if you’re using that data as a unique identifier for your digital identities.  This too can cause numerous issues with IAM tools, from granting unintended access to a confidential application or database to removing access and inconveniencing a user.

The good news about dirty data is that it can be cleaned up. In our experience with clients, dirty data is something organizations need to look for and mitigate regularly. Consistent upkeep is the key to keeping on top of it, and our team uses many different identity management techniques to help our clients contend with the dirty stuff. We help our clients navigate their data by identifying an authoritative source for the correct data. Our team can perform impact analysis to compare data from multiple systems to identify inaccuracies and pinpoint the database that has the incorrect user data, and then take steps to correct it. In many cases an organization’s HR system is considered the database of record with the most accurate data (whether it be Workday, SAP, PeopleSoft or the like). Additionally, the user data in your Active Directory (AD) is a great resource for comparison and is another reliable database of record for certain types of information. We have several different techniques we can use to help you uncover your dirty data and find the “needle in the haystack.”