<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">

Access Management 101: Tracking and Managing Infrastructure

There was a time, long ago in a universe far far away, where the distinction between your production environment and your corporate IT environment was reasonably clear. 

For example, if you were an e-commerce business, your production environment contained the core web application, the core database, and the core order management system into which your customers would submit orders. Your fulfillment systems would fulfill orders from that.

That's quite different from something like email, where we send and receive email to each other, as members of a company. Back then, it made sense to manage those systems separately, and there was a clear and obvious distinction from the production side operations. 

But when it comes to inventorying and tracking your systems, we’re in the middle of an evolution–suddenly you have things like multi-cloud and hybrid, each with their own set of on-prem or cloud infrastructure. And those legacy systems? Yeah. They’re not going away. 

Do I have an infrastructure tracking mess?

There was a time when tracking your inventory was relatively straightforward. You would simply key into the data center, and then BOOM -  you see the things, you know the things.

The speed and ease of spinning up infrastructure today means that just about anyone can do it easily. And this can be a problem. If you’re someone in a technical role with a job to do, and you’re having trouble getting access to systems or getting them procured, it’s easy for that person to procure their own systems in order to do their jobs. And suddenly you have systems that aren’t being tracked or part of your inventory.

How do you know if you should consider taking inventory? There are a few simple questions can help:

  • Who is the person that's responsible for tracking your infrastructure - across on-prem and in the cloud? 
  • Is there a specific individual? Is it a team? 
  • How do they actually go about doing it?
  • Is there a central location where all of this information is tracked? Including across all cloud environments?

If you can’t easily answer these questions, it’s probably time to start collecting this information and taking inventory. If you don’t, the costs can be significant.

The Cost & Risk of Not Taking Inventory 

If you do not currently have a process for taking inventory and tracking your systems, chances are that things are falling through the cracks. And there’s tangible cost and risk when this happens. 

Quite simply - if you don’t know what systems you have, then you can’t know the information they contain or who has access to them.

And that means you may be taking on risk (security breaches, insider threat, etc.) or costs (systems running that shouldn’t be) that you may not need to.

Getting Started

When it comes to Access Management, taking inventory of your systems is just one of the tasks you need to tackle. Watch the course on Access Roles & Discovery to learn why taking inventory of your employees and their required access is just as important.


About the Author

, Contributing Author, has been writing about technology for over 15 years. She enjoys telling stories about how people use software and hardware to grow their businesses, keep their customers' information secure, and transform industries. She holds a B.A. and M.A. in English from Stanford University. To contact Katie, visit her on LinkedIn.

💙 this post?
Then get all that strongDM goodness, right in your inbox.

You May Also Like

What is Identity as a Service (IDaaS)?
What is Identity as a Service (IDaaS)? All You Need to Know
In this article, we’ll examine what Identity as a Service (IDaaS) is and how companies use IDaaS to enhance their security posture. You’ll learn why identity and access management (IAM) is important, how outsourcing IAM can support your goals, and the limitations of using a cloud-based IDaaS. By the end of this article, you’ll understand how an IDaaS solution works, the problems IDaaS addresses, and the role IDaaS will play in the future of identity management.
What is IGA? Identity Governance & Administration Explained
What is IGA? Identity Governance & Administration Explained
In this article, we’ll take a broad look at identity governance and administration (IGA) and examine how it differs from other IT risk mitigation topics. You’ll get insight into the history, benefits, and features of IGA and learn how to start planning an IGA implementation of your own.
Insider Threat: Definition, Types, Examples & Protection
Insider Threat: Definition, Types, Examples & Protection
In this article, we’ll take a look at insider threats in cyber security and the dangers they pose. You’ll learn the insider threat definition, who the insiders are, the types of insider threats to be aware of, and how to detect threats. By the end of this article, you’ll have a clearer understanding of the entire insider threat ecosystem and the best practices you can use to protect your organization, data, and systems.
Spring Clean Your Access Management | strongDM
Spring Clean Your Access Management
Time to spring clean your access management! Use these resources to establish healthy habits to keep your infrastructure access tidy all year long.
Agent vs. Agent-less Architecture
Agent vs. Agentless Architectures in Access Management
Agent vs. Agentless architectures is a recurring debate - covering specifics from monitoring to security. But when it comes to Access Management, some key considerations are necessary when defining the scalability of your solution and its impact on efficiency and overhead over time.