
How to Conduct an Infrastructure Assessment

Learn how to conduct a goal-driven infrastructure assessment to uncover vulnerabilities, ensure compliance, and strengthen your IT environment.


December 10, 2024


By Dave Courbanou, Intelligent CloudCare

An infrastructure assessment helps you visualize your digital landscape, but a good assessment won't just be for its own sake. To make the most of your time and efforts, you'll want to have a goal in mind.

Generally speaking, an infrastructure assessment should be about targeting any vulnerabilities or uncovering areas that need improvement, but the findings of these assessments should also be framed with a few key questions in mind:

  • What are our current IT needs and where are we lacking?

  • Are upgrades needed, or can we modernize with what we have?

  • If upgrades are needed, what are the costs associated?

Most of the answers to these questions will be framed around the type of business your company does. For example, a defense contracting company may be looking at its infrastructure assessment through the lenses of risk mitigation and security posture, to ensure all government compliance standards are met and maintained. A financial company may be more interested in IT governance and privacy protections, whereas an educational institution might be trying to adopt more robust data management access controls to protect student privacy.

During your infrastructure assessment, it's also a great time to prepare or review an incident response plan. Based on the findings of the assessment, you may also want to examine how the current environment would withstand a variety of failures, be it exploitation by hackers, ransomware or malware — or more simply — having a hardware failure on a server. Most of an incident response plan will be focused on backup tools and pathways to recovery of a production environment.


There can be a lot of technology to account for, and it can be overwhelming, but this list should help you review the most critical components in your environment. Here's how to consider your …

  1. Firewall: Check the model type and brand and see if the firewall has reached end of life or if there's still support for it. If there's still support, check to see if there are firmware or software updates, and ensure you can block whole sets of IP addresses, like those from China or Russia. If you use a VPN, now's a good time to check to see if there are any updates for your client of choice, as well.

  2. Servers: If you're running Windows servers, make sure they're still running a supported version of Windows — if not, consider what it might take to upgrade them or replace them entirely, perhaps even with virtualized servers. If many servers need to be replaced, the purchase of a single virtualization server can make this process more efficient and cost-effective.

  3. Appliances: If you're running a NAS or other dedicated hardware that isn't technically a Windows server, you'll want to ensure the vendor for these devices has provided the latest updates. If they're aging or legacy appliances, consider what you could do network-wise to keep them isolated or protected from new attacks or malware.

  4. Network Equipment: Aside from the firewall, it's good to check on internal points of ingress, like wireless access points and network switches. As with the firewall, check whether they're still supported by the vendor, and if so, update them so they can take advantage of newer security patches and authentication methods. For example, some older wireless access points won't allow WPA3 or RADIUS-based authentication.

  5. Backups: Whether it's an enormous RAID array or backup tapes, make sure those devices are running perfectly. An infrastructure assessment is a great time to test backups and ensure things work as expected, as your backup environment will be the first step in recovering during an incident response.

  6. End-User Environment: Ultimately the best infrastructure is only as strong as the weakest link, and that tends to be the human element. Assess the condition of your fleet of user computers and determine if they need more protection, whether it's upgrading the operating systems (Mac or PC) or providing more robust endpoint protection and anti-virus. If you haven't already, now is a good time to think about implementing company-wide password managers, improved VPN clients, and multi-factor authentication for any and all accounts.
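The checklist above can be run against an asset inventory. The following is an added example, not code from the article or its author: the CSV column names, the sample rows and the 180-day and 365-day thresholds are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not from the article); column names are assumptions.
INVENTORY_CSV = """\
name,category,end_of_support,last_update,wpa3,last_restore_test,mfa
edge-fw01,firewall,2023-06-30,2022-11-02,,,
fs01,server,2029-01-09,2024-11-12,,,
nas01,appliance,2026-03-31,2021-05-20,,,
ap-lobby,network,2027-12-31,2024-09-01,no,,
backup01,backup,2028-05-01,2024-10-15,,2023-01-10,
lt-042,endpoint,2025-10-14,2024-11-20,,,no
"""

def assess(csv_text, today, stale_days=180, restore_days=365):
    """Return (name, category, finding) tuples for every row that fails a check."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        # Every category: is the vendor still supporting it, and is it patched?
        if date.fromisoformat(row["end_of_support"]) < today:
            issues.append("past vendor end of support")
        if (today - date.fromisoformat(row["last_update"])).days > stale_days:
            issues.append("no firmware/software update within threshold")
        # Network equipment: older access points may lack WPA3.
        if row["category"] == "network" and row["wpa3"] == "no":
            issues.append("no WPA3 support")
        # Backups: an untested backup is not a recovery path.
        if row["category"] == "backup":
            tested = row["last_restore_test"]
            if not tested or (today - date.fromisoformat(tested)).days > restore_days:
                issues.append("restore not tested within threshold")
        # End-user environment: MFA should be on for every account.
        if row["category"] == "endpoint" and row["mfa"] == "no":
            issues.append("MFA not enabled")
        findings += [(row["name"], row["category"], i) for i in issues]
    return findings

if __name__ == "__main__":
    for name, category, finding in assess(INVENTORY_CSV, date(2024, 12, 10)):
        print(f"{category:<9} {name:<10} {finding}")
```

Each finding maps back to one list item, so the output doubles as the skeleton of the findings-and-recommendations document that feeds the budget discussion.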

This is by no means an exhaustive list, but using it as a framework for discovery should help you successfully illuminate the IT environment. Once you have all your findings and recommendations, the last hurdle will be finding a budget that can adequately address all of the vulnerabilities or shortcomings you've discovered. At the very least, ensure small steps like software upgrades are applied and MFA is turned on — they're usually free.

About the author:

Dave Courbanou is an IT Administrator with Intelligent CloudCare, a managed service provider that helps organizations improve their cybersecurity hygiene, protect against ransomware attacks, and manage their networks and infrastructure. He has more than a decade of IT services experience, and leads Intelligent CloudCare's CloudCare University, offering online cybersecurity training. He can be reached at [email protected].
