Infrastructure Access Management 101: Tracking and Managing

There was a time, long ago in a universe far far away, where the distinction between your production environment and your corporate IT environment was reasonably clear. 

For example, if you were an e-commerce business, your production environment contained the core web application, the core database, and the core order management system into which your customers would submit orders. Your fulfillment systems would fulfill orders from that.

That's quite different from something like email, where we send and receive email to each other, as members of a company. Back then, it made sense to manage those systems separately, and there was a clear and obvious distinction from the production side operations. 

But when it comes to inventorying and tracking your systems, we’re in the middle of an evolution–suddenly you have things like multi-cloud and hybrid, each with their own set of on-prem or cloud infrastructure. And those legacy systems? Yeah. They’re not going away. 

Do I have an infrastructure tracking mess?

There was a time when tracking your inventory was relatively straightforward. You would simply key into the data center, and then BOOM -  you see the things, you know the things.

The speed and ease of spinning up infrastructure today means that just about anyone can do it easily. And this can be a problem. If you’re someone in a technical role with a job to do, and you’re having trouble getting access to systems or getting them procured, it’s easy for that person to procure their own systems in order to do their jobs. And suddenly you have systems that aren’t being tracked or part of your inventory.

How do you know if you should consider taking inventory? There are a few simple questions can help:

• Who is the person that's responsible for tracking your infrastructure - across on-prem and in the cloud? 
• Is there a specific individual? Is it a team? 
• How do they actually go about doing it?
• Is there a central location where all of this information is tracked? Including across all cloud environments?

If you can’t easily answer these questions, it’s probably time to start collecting this information and taking inventory. If you don’t, the costs can be significant.

The Cost & Risk of Not Taking Inventory 

If you do not currently have a process for taking inventory and tracking your systems, chances are that things are falling through the cracks. And there’s tangible cost and risk when this happens. 

Quite simply - if you don’t know what systems you have, then you can’t know the information they contain or who has access to them.

And that means you may be taking on risk (security breaches, insider threat, etc.) or costs (systems running that shouldn’t be) that you may not need to.

Getting Started

When it comes to Access Management, taking inventory of your systems is just one of the tasks you need to tackle. Watch the course on Access Roles & Discovery to learn why taking inventory of your employees and their required access is just as important.