Businesses are no strangers to Active Directory (AD). The identity and access management service has been relied upon by the vast majority of organisations for many years - 90% of them, according to Gartner - but a more agile approach is needed for the hybrid professional work environment that’s now very much a reality.
Indeed, the pandemic shook businesses from all corners and while AD was the reliable backbone of most organisations when all their workers bundled into the same building, the widened cyber attack surface of a hybrid workforce means there are now added complications when deploying AD across a business.
“Active Directory is like the spinal column of an enterprise and it must be closely protected,” explains Matt Lock, technical director at data security firm Varonis. “If an attacker manages to seize control of AD, they effectively hold the keys to an organisation’s digital kingdom and have privileged access throughout the domain, where they can cause serious damage.”
The issues boil down to visibility: it’s much more difficult to oversee all the assets within a business when its workers are so geographically fragmented. Factor in, too, the complexities that come with the rising popularity of bring your own device (BYOD) policies and the way in which workers customise their software with additional assets like add-ons from third-party marketplaces.
Pushing more business processes to the cloud has traditionally been the easy, go-to approach for all-things digital transformation and the deployment of AD is no different. The cloud offers a swathe of benefits to businesses looking to maintain tight security controls across office and remote workers, including a more comprehensive view of the organisation’s digital assets and more streamlined security controls.
With the cyber security landscape now being so wide and businesses being targeted from all angles, it’s more important than ever to have the organisation’s asset management in top shape. Shifting AD to the cloud is the best approach for businesses looking to stay safe in a hybrid working world.
For most organisations, asset management pre-COVID was a relatively straightforward exercise in user and device tracking. Now the working and threat perimeter has moved to the homes of their workforce, keeping track of the entire IT estate and ensuring high levels of security are maintained has become much more complex. Migrating AD to the cloud can deliver more oversight and integrated support to users who need this to secure their equipment and network connections.
Smarter asset management
Dan Conrad, field strategist at One Identity, tells IT Pro: “Since the rollout in 2000, AD has changed significantly and the impact of Zero Trust campaigns will change this further. At its core, AD is an SSO (Single Sign-On) solution designed for an easy user experience by providing easy access to objects. Active Directory and Azure Active Directory (AAD) have changed the game a bit by still providing the good user experience but detaching some of the vulnerabilities. For instance, the idea of joining every corporate system to the AD is no longer necessary. AAD and solutions such as Intune allow management of the systems without the vulnerability that goes with every system being ‘trusted.’”
Many companies see the continued migration of AD to the cloud as the solution to the issues they face managing the array of assets their businesses use. With security front of mind, migrating an AD to a cloud platform can deliver a level of insulation from some cyberattacks.
The holistic approach to managing what could be a diverse range of devices now being used across your business requires your control and security systems to change. Businesses are increasingly creating domain-joined and BYOD/non-domain-joined systems to give themselves the maximum flexibility with the assets their staff uses, simultaneously delivering a security infrastructure that is more resilient than a simple cloud or on-prem solution.
The business of consumerisation
The threat surface all businesses now face requires a new approach to network management and device security. As early as March 2020, IDC predicted that within two years, over 90% of enterprises worldwide will have a hybrid cloud deployment. As the COVID-19 pandemic took hold, there has been a rush to implement this approach, with businesses being pushed to radically alter how they manage their workforces and the technologies and services they use.
Rajesh Ganesan, vice president at ManageEngine, tells IT Pro: “A cloud-native hybrid IT infrastructure helps organisations respond to change and uncertainty better. That said, even as organisations move to a cloud-first or cloud-dominant approach, it’s important that application, infrastructure, and data security are not compromised.”
Alastair Pooley, CIO of Snow Software, adds: “As we switch to more SaaS applications, you either need to use Azure Active Directory (along with the relevant licenses) or something like Okta to provide that single sign on experience to your staff. Either approach allows you to maintain a corporate directory to control access to resources. It is worth noting that you should re-examine your endpoint security, as traditional group policy (GPO) doesn’t deliver for remote workers. Microsoft’s Defender ATP coupled with Intune is a powerful combination but again you need new licenses to deliver that.”
How your business will manage its human resources and digital assets in a post-COVID-19 environment remains to be seen, as enterprises have yet to make firm plans regarding where the vast majority of their employees will work from. Some workers will return to centralised offices.
However, a high percentage will remain as remote workers. In this scenario, putting in place a flexible and secure system to manage your company's assets is a sensible move. The agility that migrating AD to the cloud can deliver makes it a desirable option. Review your business's asset management as it stands today. With some realistic forward planning, you will be able to create bespoke asset management protocols that are right for your staff and the long-term security of your business.
This article was first published on 01/02/2021, and has since been updated
David Howell is a freelance writer, journalist, broadcaster and content creator helping enterprises communicate.
Focussing on business and technology, he has a particular interest in how enterprises are using technology to connect with their customers using AI, VR and mobile innovation.
His work over the past 30 years has appeared in the national press and a diverse range of business and technology publications. You can follow David on LinkedIn.