Security governance

Reviewing offboarding controls across cloud and collaboration platforms

Access remaining after a departure was reviewed across cloud, identity, Git hosting, collaboration, VPN, administrative credentials, and secrets ownership surfaces.

Completed professional workRestricted security summary

Restricted professional summary

  • Cloud access
  • Identity providers
  • Git hosting
  • Collaboration platforms
  • VPN
  • Secrets ownership
  • Administrative credentials

Context

Environment and why the work mattered

Cloud and collaboration access-governance review

Access remaining after a departure was reviewed across cloud, identity, Git hosting, collaboration, VPN, administrative credentials, and secrets ownership surfaces.

Architecture summary

Access review surface

The published structure shows control categories only, not sensitive access paths.

  1. Identity and cloud access
  2. Repositories and CI/CD
  3. Collaboration platforms
  4. VPN and admin credentials
  5. Secrets and ownership
  6. Remediation verification

Challenge

Problems and risks addressed

  • Offboarding can leave access behind across disconnected systems.
  • Cloud, source control, collaboration, VPN, and administrative access needed a joined-up review.
  • The work needed to identify and remediate governance gaps without publishing exploitable detail.
  • Recommendations needed to improve future offboarding rather than only fix a single event.

Constraints

Delivery constraints and judgment calls

  • Specific affected systems and access paths cannot be published.
  • This was governance and remediation work, not a penetration test.
  • Names of people, organizations, and exact security weaknesses are excluded.
  • Public content must not help an attacker infer control gaps.

Responsibilities

Nico Smuts's role

Related to DevSecOps, access review, and offboarding governance work.

  • Reviewed access across cloud, identity, repository, collaboration, VPN, and administrative surfaces.
  • Helped identify remaining access and ownership gaps after departure.
  • Supported remediation verification and documentation.
  • Provided recommendations for stronger access-governance and offboarding controls.

Approach

Technical and operational approach

  • Mapped public-safe control categories rather than publishing system-specific paths.
  • Reviewed access ownership, administrative credentials, secrets, and collaboration surfaces.
  • Separated urgent remediation from longer-term governance recommendations.
  • Documented verification steps and future offboarding improvements.

Deliverables

Tangible outputs

  • Access review summary
  • Remediation checklist
  • Verification notes
  • Offboarding recommendations
  • Governance documentation

Outcomes

Verified results and public-safe outcomes

  • Access and ownership concerns were reviewed across relevant control surfaces.
  • Remediation and verification steps were documented.
  • Offboarding and access-governance recommendations were produced.
  • The public summary intentionally omits exploitable details.

Technologies

Tools and capability areas involved

  • Cloud access
  • Identity providers
  • Git hosting
  • Collaboration platforms
  • VPN
  • Secrets ownership
  • Administrative credentials

Related services

Related services are resolved from the centralized service catalogue.

Related work

Discovery

Discuss a similar problem without assuming the same result.

Every environment has different constraints. Start with the current state, risk, access model, and the operational outcome you need.