This article examines the costs associated with manual user provisioning and how Identity and Access Management (IAM) user provisioning can:

• Reduce administrative and support costs

• Increase cybersecurity

• Increase user productivity

• Improve regulatory compliance rates

What is manual user provisioning and what does it cost?

User provisioning refers to the tools and processes used to manage user accounts, credentials, roles, and access rights across multiple systems in an organizational environment.

User provisioning activities are frequently performed using manual processes following instructions kept in a Word document or a spreadsheet (manual user provisioning). Multiple provisioning tools are used by and siloed in different organizational units. It can take several tools and groups to fully provision access rights for a single user and there is little to no automation in the process.

There are many hidden costs associated with manual user provisioning. These costs can be significantly reduced by using Identity and Access Management (IAM) user provisioning.

Here are four key areas where manual user provisioning impacts organizational costs and risks, and how automated IAM user provisioning can reduce and eliminate these costs.

IT administrative and support costs

Seasoft Security found that most small to medium size organizations must create, change, and remove about 10–15 accounts per user for an average of ~13 accounts/user. When user provisioning is performed manually—at an estimated 30 minutes labor per individual account and an average labor cost of $75 per hour—it creates a significant operational and cost burden.

For example, using these figures we can estimate 975 hours of IT administrative labor cost per year for an organization of 500 employees, resulting in approximately $73,125 in annual IT labor costs.

• 10% turnover with 25 new user provisioning (adds) and 25 terminations (removes) annually, with each user request requiring about 6.5 hours to provision (13 accounts/user * 30 minutes/account) or 325 hours of IT labor cost ((25 users * 2) * 6.5 hours/user).

• 10% of user accounts will need two or more user access changes for 650 changes per year (500 users * 13 accounts/user * 10%). Each user account access change request requires 1 hour (30 minutes * 2 changes) for a total IT labor cost of 650 hours.

• Total IT labor costs will equal 975 hours (325 hours user provisioning/deprovisioning cost plus 650 hours user account change cost) * $75/hour labor cost for a total labor cost of $73,125.

Implementing an automated Identity and Access Management (IAM) solution can significantly reduce the time and cost associated with manual provisioning, while also improving accuracy, consistency, and security across the organization.

Security exposure risks

There are several security exposure risks associated with manual user provisioning, including:

• Data exposure risks: Manual user provisioning mistakes create a higher risk of security breaches, data theft, malware, ransomware, and other cyberthreats.

• Delayed deprovisioning: User accounts associated with terminated users are still active on the system, leading to ghost accounts and orphaned accounts that are never removed.

• Identity access drift: User access permissions increase and drift away from their authorized assignments.

• Lack of role-based access controls (RBACs): User access rights are assigned per individual user rather than by role, leading to errors, higher costs, and vulnerable security configurations.

• Over-provisioning: User accounts are provisioned with excessive authority, increasing the harm that can be incurred from security incidents.

These risks can result in significant financial and security exposures, including fines and penalties, legal risk, data exposure, and ransomware demands. Automated IAM user provisioning increases security by eliminating provisioning mistakes and misconfigurations common with manual provisioning.

User productivity delays

Manual user provisioning frequently results in productivity delays, as users wait for provisioning changes to become available.

Some of the most visible losses occur when new users are added to enterprise systems. Given user workflow approvals for system access and the lag time needed to provision users on all required systems, it’s unclear whether all users will receive system access immediately on day one.

Users can also suffer productivity delays when new access is required, to correct previous manual provisioning errors, or when they change roles and responsibilities. Some industry sources estimate that each employee wastes an average of 11 hours a year waiting for application access and that over 40% of employees report still waiting for access to applications after more than one week.

Productivity delays can be significantly reduced by implementing an Identity and Access Management user provisioning solution. An IAM solution can automatically provision new users and quickly implement access changes and corrections, reducing the delays associated with manual provisioning.

Compliance and auditing risks and costs

Heavily regulated industries, including finance, government, and healthcare, can incur significant penalties when compliance violations occur. Risks and their associated costs include audit failures, significant financial fines and penalties, legal issues, and revenue loss.

Manual provisioning can cause compliance issues and penalties due to inconsistent provisioning, overprovisioning, SLA violations, missed requirements, and other configuration mistakes.

Identity and Access Management solutions can provide consistent, compliant, automated user provisioning across multiple systems. Using automated provisioning, role-based access controls (RBACs), access monitoring, and automated logging and auditing, IAM solutions help keep enterprise systems in compliance better than manual user provisioning.

Learn more about IAM user provisioning

Contact Seasoft Security to learn how tools like Tello can help you implement effective automated Identity and Access Management user provisioning. IAM experts can provide tailored assessments and recommendations for automating your user provisioning process.