Access discovery

Access discovery is the process of scanning and mapping who (users, groups, service accounts) has access to which resources (files, databases, apps) across an organization’s IT environment. It aims to produce a comprehensive, up-to-date inventory of permissions, roles, entitlements, and policy configurations—spanning on-prem servers, cloud services, SaaS apps, and more. 

Tools for access discovery analyze identity stores (AD, LDAP), IAM policies, group memberships, and logs of actual resource usage. The result is a visual or tabular map that highlights not only official roles but also hidden or orphaned accounts, misconfigurations, or overlapping privileges. 

Often, organizations run periodic discovery to feed Identity Governance & Administration (IGA) or Access Certification processes, ensuring the known entitlements match reality.

How does it affect identity security?

If you don’t know who can access what, you can’t effectively manage or secure it. Many breaches occur through unknown or forgotten accounts, misconfigured permissions, or leftover roles from old projects. Access discovery reveals these vulnerabilities, serving as a starting point for cleanup and least privilege enforcement. It helps identify stale accounts, detect privilege creep, and unify accounts in a single governance framework. 

The process is continuous - cloud environments change frequently, so automated daily or weekly scans ensure the inventory stays current. This is essential for any zero trust or micro-segmentation strategy - you can’t segment effectively if you don’t know your entitlements. 

Furthermore, access discovery results feed Access Certification campaigns: managers are shown exactly what each user can do in the cloud, prompting them to remove suspicious or outdated privileges. Hence, robust discovery is a prerequisite for any advanced IAM governance or privileged management initiative in the cloud.

By providing visibility, it allows security teams to quickly spot anomalies—like a marketing group that has database write privileges or a devops role with prod admin rights. Essentially, access discovery underpins identity security by shining a light on hidden or unexpected entitlements, enabling proactive remediation. 

In compliance terms, it’s also crucial for demonstrating that management knows and reviews all active access, a requirement in standards like SOX, PCI-DSS, or HIPAA.

Case studies

A single misconfigured AWS S3 bucket policy allowed the attacker to retrieve sensitive customer data. The breach became infamous, prompting many companies to re-check their S3 configurations. If thorough access discovery had flagged that bucket as publicly exposed or recognized that an internal IAM role was over-permissive, Capital One might have remediated before the attacker exploited it. 

Another instance is the 2017 Verizon partner leak, where an unprotected cloud server belonging to a partner exposed millions of records. Regular access discovery scanning might have revealed that partner’s account had “public read” on the dataset, prompting a timely fix. Both incidents show that ignoring or failing to update the “who can access what” map can lead to critical oversights and large-scale data breaches.

‍