Sponsored: In Your Rush to the Cloud, Don’t Forget Where You Came From
Editor’s Note: This post is sponsored by ManageEngine.
In the stampede to use (or at least talk about) cloud services, on-premises infrastructure gets little mention nowadays. But even though the cloud has hogged our attention for the past few years, the reality is that most of the data center that existed before the services revolution is still there today. And it’s more important than ever to protect it — in particular, your Active Directory forests that contain all your usernames and passwords.
Why has Active Directory become even more important to protect today? Most companies have chosen to adopt a hybrid identity model that extends their on-premises Active Directory to an Identity as a Service (IDaaS) provider such as Azure Active Directory. If you use Office 365, whether you know it or not you have an Azure Active Directory instance in Microsoft’s cloud. With this hybrid model, users can authenticate to Office 365 and other SaaS apps with their corporate Active Directory credentials.
IT professionals tend to focus on the security around Office 365. This is good, but partly misses the point: if your on-premises Active Directory isn’t secure, it doesn’t matter how much you’ve locked down Office 365. Attackers who compromise Active Directory will gain administrative access to it, and thus to Office 365, regardless of the controls you’ve put on Office 365. They will go after the weakest link.
Therefore, it’s important to ensure that although your organization might be strongly pushing for Office 365 adoption, your management team understands it also needs to secure its Active Directory foundation. In Active Directory’s early days, and even in its “tween years” (Active Directory is seventeen years old after all), organizations could get away with using only the Microsoft out-of-box tools to maintain the application. Although Active Directory’s design has aged very well, the cybersecurity landscape has changed dramatically since the product was conceived.
As a result, a range of third-party security and operational tools are required — not optional — to keep Active Directory healthy and secure. Roughly ordered by importance, these tools include:
- Backup and recovery (beyond object deletion)
- Threat detection
- Governance (identity lifecycle and access reviews to remove unneeded access)
Few companies have all these capabilities in place because the costs can be prohibitive. But what is the cost of not protecting your Active Directory foundation? Microsoft estimates that the average cost of a breach is 15 million dollars. Based on this estimate, detecting and avoiding a breach would pay back these tools’ costs in days.