IT Operating Environments Best Practices

Overview

Access rights granted at a point in time do not remain appropriate indefinitely. People change roles, join teams, leave teams, and leave the organization. Projects begin and end. The solution a team was testing in SIT three months ago has moved on to Production, but their SIT access may still be active. An engineer who had administrative access to PSTG for a specific deployment six months ago may no longer be working on that solution, but their PSTG administrative access may still be valid. These stale access rights are a category of access governance failure that accumulates silently in the absence of regular access recertification - and that creates an expanding unauthorized access surface that adversaries can exploit through compromised credentials that are still technically valid.

Best Practice

Establish a formal access recertification cadence for every environment tier and enforce it through the environment governance model. At minimum, access to PSTG and PROD environments should be recertified quarterly, with every active access right confirmed as still appropriate by the Environment Instance Owner or a designated authority. Access to UAT, SIT, TRN, and PEN environments should be recertified semi-annually or whenever the solution those environments serve completes a significant lifecycle transition such as Production deployment or decommissioning. Access to DEV and RSC environments should be recertified annually or when the team composition of the environment changes significantly. All recertification reviews should be conducted by the Environment Instance Owner or a designated access governance authority, not by the individuals holding the access rights themselves. Access rights that cannot be confirmed as current and appropriate during recertification should be revoked immediately rather than deferred to the next review cycle.

Benefit(s)

Regular access recertification prevents the accumulation of stale, inappropriate access rights that characterizes ungoverned access management in long-lived environments. Every environment tier maintains an access profile that reflects current organizational realities - current team memberships, current project assignments, and current role definitions - rather than the historical accumulation of every access grant made since the environment was provisioned. The unauthorized access surface of the enterprise environment landscape contracts continuously through recertification rather than expanding continuously through accumulation, reducing the organizational risk that compromised credentials represent across the full environment pipeline.