Deprovisioning is the process of removing or disabling identities, accounts, credentials, and access when they are no longer needed. It matters because old accounts and leftover permissions often become quiet but dangerous attack paths.
What is Deprovisioning?
Deprovisioning usually happens when someone leaves an organization or changes roles, when a vendor engagement ends, when a service account is retired, or when a system is decommissioned. Good deprovisioning reduces stale access and closes unnecessary trust relationships.
What Deprovisioning Commonly Includes
Common steps include disabling accounts, revoking tokens, removing group memberships, rotating related secrets, terminating sessions, and documenting ownership changes.
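The steps above can be checked mechanically. The following added example (not part of the original page) audits an inventory of human and non-human identities and reports which steps are still outstanding for each identity that has ended; the `Identity` fields and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

@dataclass
class Identity:                       # hypothetical inventory record
    name: str
    kind: str                         # "employee", "vendor", "service_account", ...
    ended: Optional[date]             # left / engagement ended / retired; None = still needed
    enabled: bool = True
    groups: List[str] = field(default_factory=list)
    active_tokens: int = 0
    open_sessions: int = 0
    secrets_rotated: Optional[date] = None   # last rotation of secrets it had access to
    new_owner: Optional[str] = None          # documented owner of what it left behind

def residual_access(i: Identity) -> List[str]:
    """Return the deprovisioning steps still outstanding for one identity."""
    if i.ended is None:
        return []                     # still in use: nothing to deprovision
    gaps = []
    if i.enabled:
        gaps.append("account still enabled")
    if i.active_tokens:
        gaps.append(f"{i.active_tokens} token(s) not revoked")
    if i.groups:
        gaps.append("group memberships remain: " + ", ".join(sorted(i.groups)))
    if i.secrets_rotated is None or i.secrets_rotated < i.ended:
        gaps.append("related secrets not rotated since end date")
    if i.open_sessions:
        gaps.append(f"{i.open_sessions} session(s) not terminated")
    if not i.new_owner:
        gaps.append("no ownership change documented")
    return gaps

def audit(inventory):
    """Map identity name -> outstanding steps, only for identities with leftovers."""
    return {i.name: g for i in inventory if (g := residual_access(i))}

# Constructed sample inventory (not real data)
INVENTORY = [
    Identity("alice", "employee", None, groups=["eng"], active_tokens=2),
    Identity("bob", "employee", date(2024, 3, 1), enabled=False, groups=["finance"],
             secrets_rotated=date(2024, 2, 1), new_owner="carol"),
    Identity("acme-support", "vendor", date(2024, 5, 10), active_tokens=1, open_sessions=1),
    Identity("svc-report", "service_account", date(2024, 1, 15), enabled=False,
             secrets_rotated=date(2024, 1, 16), new_owner="platform-team"),
]

if __name__ == "__main__":
    for name, gaps in audit(INVENTORY).items():
        print(name, "->", "; ".join(gaps))
```

Note that `bob` is flagged even though his account is disabled: leftover group memberships and unrotated secrets are exactly the stale access that disabling alone does not remove.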
Deprovisioning vs. Provisioning
Provisioning grants and sets up access. Deprovisioning removes access that should no longer exist.
Frequently Asked Questions
Why is deprovisioning important?
Because forgotten accounts and old credentials are often easier for attackers to abuse than well-managed active identities.
Does deprovisioning only apply to employees?
No. It also matters for contractors, vendors, applications, service accounts, devices, and other non-human identities.