A manufacturer with a mix of office systems, plant software and a handful of cloud tools had grown the way most businesses do: by adding access and rarely removing it. People changed roles and kept their old permissions on top of their new ones. Contractors came and went, and their accounts mostly stayed. A few shared logins existed because, years ago, it had been simpler that way. Nobody had set out to create a mess; it had simply accumulated, one reasonable shortcut at a time.

The trigger was mundane: an internal review asked who could access a particular system, and no one could answer with confidence. That uncertainty, repeated across the estate, was the real risk. Stale and shared access is one of the most common ways a small problem becomes a serious one.

The challenges we had to solve

  • There was no single view of who had access to what. Permissions lived in each system separately, and no one held the whole picture.
  • Accounts for people who had left, and for contractors long gone, were still live. Some had not been used in a year; that they existed at all was the issue.
  • Shared logins meant actions could not be traced to a person, which undermines both security and any honest audit.
  • The cleanup could not break the plant. People needed the access their job required, on the day we changed things, with no nasty surprises mid-shift.

How we approached it

We pulled access together into one picture, system by system, until the whole estate was visible in a single place for the first time. With that in front of us, the dead weight was obvious: leavers, departed contractors, permissions left over from old roles. We removed it carefully, confirming need as we went rather than guessing, so nobody lost access they actually used. The shared logins we replaced with named accounts, so every action could be traced to a person.

Cleaning up once only helps if access does not silently pile back up, so we put in real joiner, mover and leaver steps: access granted to a role, reviewed when someone moves, and removed promptly when they leave. We kept it proportionate to how the business runs, with a periodic review light enough that it will actually be done. Least privilege is not a product you buy; it is a habit, and our job was to make the habit sustainable for this team.
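The single view of access and the periodic review described above come down to the same check, shown here as an added sketch that is not the tooling used in this engagement. The account names, field layout, role map and dates are all constructed assumptions, and every finding is a candidate to confirm with the owner, not an instruction to delete.

```python
from datetime import date

# Constructed sample data: current staff from HR, and the systems each role needs.
ACTIVE_STAFF = {"a.khan": "planner", "j.ortiz": "maintenance"}
ROLE_SYSTEMS = {"planner": {"erp", "mail"}, "maintenance": {"scada", "mail"}}

# Constructed per-system account exports, merged into one list.
ACCOUNTS = [
    {"system": "erp",   "account": "akhan",    "owner": "a.khan",  "last_login": date(2024, 5, 2)},
    {"system": "scada", "account": "akhan2",   "owner": "a.khan",  "last_login": date(2024, 4, 30)},
    {"system": "scada", "account": "operator", "owner": None,      "last_login": date(2024, 5, 3)},
    {"system": "erp",   "account": "contr07",  "owner": "t.vance", "last_login": date(2023, 1, 15)},
    {"system": "mail",  "account": "jortiz",   "owner": "j.ortiz", "last_login": date(2023, 2, 1)},
    {"system": "scada", "account": "jortiz",   "owner": "j.ortiz", "last_login": date(2024, 5, 1)},
]

def review_access(accounts, staff, role_systems, today, stale_days=365):
    """Return (system, account, reason) findings for a human to confirm."""
    findings = []
    for acc in accounts:
        key = (acc["system"], acc["account"])
        owner = acc["owner"]
        if owner is None:
            # Shared login: actions cannot be traced to a person.
            findings.append((*key, "shared login: no named owner"))
        elif owner not in staff:
            # Leaver or departed contractor still holding a live account.
            findings.append((*key, "owner is not current staff"))
        elif acc["system"] not in role_systems.get(staff[owner], set()):
            # Mover who kept access from a previous role.
            findings.append((*key, "not required by current role"))
        # Staleness is checked independently of ownership.
        if acc["last_login"] is None or (today - acc["last_login"]).days > stale_days:
            findings.append((*key, "unused for over %d days" % stale_days))
    return findings

if __name__ == "__main__":
    for system, account, reason in review_access(
            ACCOUNTS, ACTIVE_STAFF, ROLE_SYSTEMS, date(2024, 5, 6)):
        print(f"{system:6} {account:9} {reason}")
```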

Where it stands

The manufacturer can now answer who has access to what, and trust the answer. Departed people and contractors no longer hold live credentials, shared logins are gone, and a leaver’s access ends when they do rather than lingering for months. The access that should never have existed is gone, and there is a process in place to keep it that way.
