# 5 – Control the access to workload infrastructure
<a name="design-principle-5"></a>

 **How do you protect the infrastructure of the analytics workload?** Analytics environments change based on the evolving requirements of data processing and data distribution. Ensuring the environment is accessible with the least permissions necessary is essential in delivering a secure platform. Automate the auditing of environment changes and generate alerts in case of abnormal environment access. 


|   **ID**   |   **Priority**   |   **Best practice**   | 
| --- | --- | --- | 
| ☐ BP 5.1  |  Required  |  Prevent unintended access to the infrastructure.  | 
| ☐ BP 5.2  |  Required  |  Implement least privilege policies for source and downstream systems.  | 
| ☐ BP 5.3  |  Required  |  Monitor the infrastructure changes and the user activities against the infrastructure.  | 
| ☐ BP 5.4  |  Required  |  Secure the audit logs that record every data or resource access in analytics infrastructure.  |