Skip main navigation

Identity Access Management Concepts (Continued)

In this video, you will learn about assets in the context of IdAM.
9.6
And when we gave the example, we looked at your home as being the asset. Well, we’re not in a world where an asset is that simple any longer. When we think about an asset register, typically we think about a list of physical assets. And that’s valid. We need an asset register for our physical assets. But we also need to start thinking about assets in a logical, in the logical realm. So we have a very dense application stack. And a lot of our servers now, we may not have a physical footprint for, or that footprint may not be a direct correlation to a physical asset.
50.3
If we look at virtualization, we may have ten servers, ten virtual servers, running on a single physical server. We need some kind of system to manage those assets, to identify them, to make sure that we are aware of their existence and also of their value to the organization. With cloud services, we typically have even less visibility of those assets. What servers do we have? Where are they? And ultimately, often our hardware is not what we’re most concerned about. This isn’t where the most value lies for our organizations. What we’re talking about is our intellectual property, the data that we have, the information that we have, maybe the configurations that we have. Because all of these hardware systems support services.
104.5
And usually these services relate to data. So often, we’re talking about data. So we need to track our logical assets as well, our non-physical assets. This can be things like software, software licences, configurations. These things have value to us as an organization. This can also be the intellectual property within our organization. Have we got something that is particularly valuable to us, a work of, a work of art that we’re creating? If we’re writing a book, what value do we ascribe to that? So this creates a very complex environment. We don’t just have a single house to protect. We don’t have a single visitor. This is why identity and access management is so very crucial.
153.3
We need something that is comprehensive enough to manage and help support the assets and the subjects and mediate the access between them. So an asset is anything that we have that has a perceived value. We have our physical assets. We have our logical assets. And we have our information assets. The best practice is that we keep a list of all of these. So we have an asset register for our hardware, our logical assets, and our information assets. We need to understand the value of our assets. Why do we need to understand the value of our assets?
185.5
Well, if we have a budget, if we’re trying to protect appropriately, we do not provide the same level of protection to all of our assets. The assets with a higher value, we would protect in a different way. We would afford more time and attention to. When we’re managing these asset registers, it’s important that when we create this list, that they are accurate, they contain sufficient levels of detail, but also that they continue to be updated. My experience, I’m guessing your experience as well, is that hardware asset management is done reasonably well in most organizations. We have a unique ID applied to each asset, an asset identification label, that correlates to an entry in the database.
230.6
And there we might see the asset value, the identifier, maybe some configuration information. What we want to do is to make sure that that is maintained and is up to date. And typically, we do this through the use of change management or configuration management. Configuration management allows us to build a more complex profile around our assets, retaining additional information, and helps us to identify any interdependencies between assets. For example, with a server, what is the server name? What is the server’s IP address? Which UPS is the server connected to? This way, if we swap out the UPS at some point, we can track the interdependency to configuration management. And ITIL has some great advice around change management and configuration management.
276.7
For our information assets, we have a challenge. We have lots of structured data sets, databases within applications. And these are typically easy to identify, easy to categorize and to understand. More challenging are the information assets we have that are stored in non-structured formats. So here, we’re thinking about people’s mailboxes, the shared drives. How do we manage a classification for these different information assets? How do we make sure the data is protected appropriately and that we have the right approach to each set of data, when quite often these are mixed areas?
316.6
So document management systems are much more structured approach to data management that gives us a better method of identity and access management, and also logging the access, that controlling the auditing and the accounting.

In this video, you will learn about assets in the context of IdAM.

We can no longer think of assets as existing purely in the physical realm, we now need to consider “logical” assets — assets that exist in the digital, virtual world. Some examples of logical assets include software, software licenses, configurations, and intellectual property.

Reflect and share: What kinds of digital assets are you working with and how do you manage these? Share with your fellow learners.

This article is from the free online

Cyber Security Foundations: Identity and Access Management

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education