Co-founder of Semperis. Leads the company’s overall strategic vision and implementation.
Roughly 20 years after it was first launched, Microsoft Active Directory (AD) remains widely used by enterprise organizations. As the cofounder of a company that offers products for recovering ADs, I’ve observed that for 90% of companies, AD is the primary identity store, even as they embrace the cloud and enable an increasingly remote workforce. Although some might argue that the need for AD is fading in the age of software-as-a-service (SaaS) and mobile workers, in reality, securing and managing AD is even more important than ever in 2021 and beyond.
Most organizations have devoted years of money, time and effort to maintain their on-premises AD and are cautious about abandoning that investment. While companies pursue cloud computing in the name of speed and scalability, I believe the underlying structure of their IT network will remain dependent on AD, which must be kept secure.
Understanding The Foundations Of AD
Through AD, administrators can manage the authentication and access policies of users and groups in one place. Most on-premises systems and applications that require machine and human identities to authenticate are in some way dependent on AD. Because of this integration, IT professionals use AD to manage authentication for these systems and services and the users who leverage them.
When supporting users and applications in the cloud, access and authentication become more complex. However, AD still forms the backbone for these efforts. When AD’s reach is extended to the cloud with federation or other technologies, employees can use their corporate credentials to sign on to cloud applications. This approach can improve employee experience and strengthen identity security.
Take Microsoft 365, which leverages Azure AD. Microsoft provides several ways for enterprises deploying this productivity suite to use AD. The same is true for other popular cloud applications as well. Integrating authentication with on-premises AD allows organizations to bring their identity structures into the SaaS world to support cloud-first business initiatives.
This type of integration is becoming the rule, not the exception. Hybrid environments, however, still require the maintenance of the on-premises AD environment. Companies that use identity and access management services or proxy solutions still rely on users’ AD credentials, making AD foundational to supporting a remote workforce.
Many remote employees will also tunnel into the network using VPNs or direct access solutions. These workers can leverage their AD credentials — ideally alongside multi-factor authentication — to authenticate effectively and securely as they access on-premises applications, resources and data. Again, this ability relies on implementing and maintaining AD with good hygiene.
Why AD Remains A Cyber Target
Whether a business takes a hybrid approach or relies only on on-premises AD, attackers will keep reshaping the threat landscape organizations have to address. Many breaches begin with or involve the theft of user credentials via phishing, social engineering or malware. Once attackers are inside the network, elevating privileges is one of their main priorities. In fact, per Forrester Research, 80% of security breaches involve privileged access abuse.
AD is an obvious target, with attackers frequently abusing built-in protocols in the Windows operating system — and AD itself — to achieve their goals with less chance of detection. As an example, the threat actors associated with the SolarWinds attack used Windows Management Instrumentation to establish the certificate-signing capability of Microsoft Active Directory Federation Services.
In 2020, the industry was also reminded of the importance of patching AD against security vulnerabilities when the now infamous Zerologon vulnerability was exploited. While misconfigurations remain arguably a bigger threat than code vulnerabilities, the ability to scan for both and remediate any issues is critical for enterprises. Organizations need to continuously monitor for unauthorized changes and leverage threat intelligence to prioritize vulnerability management and harden AD against attacks. In addition, reviewing permissions, using password policies and applying the principle of least privilege builds a higher wall for threat actors to climb as they target privileged accounts.
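As an added illustration of the review the paragraph above calls for (this is example code, not from the article or from Semperis), the following read-only PowerShell audit checks the domain password policy, flags privileged groups that changed recently, and lists privileged accounts with risky attributes. It assumes the RSAT ActiveDirectory module in a domain-joined session; the group list and the 7-day and 90-day thresholds are assumptions to adjust per environment.

```powershell
# Added example (not from the article): read-only audit of AD privileged access.
# Assumes the RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$changeWindowDays = 7    # assumption: flag groups modified within the last week
$staleDays        = 90   # assumption: treat 90 days without logon as stale

# 1. Password policy: length and lockout are the first settings to review.
$policy = Get-ADDefaultDomainPasswordPolicy
if ($policy.MinPasswordLength -lt 14) {
    Write-Warning "Minimum password length is $($policy.MinPasswordLength); review against your baseline."
}
if ($policy.LockoutThreshold -eq 0) {
    Write-Warning "Account lockout is disabled (LockoutThreshold = 0)."
}

# 2. Privileged group membership: who holds the keys, and did the list change recently?
$changeCutoff = (Get-Date).AddDays(-$changeWindowDays)
$staleCutoff  = (Get-Date).AddDays(-$staleDays)

$report = foreach ($name in $privilegedGroups) {
    $group = Get-ADGroup -Identity $name -Properties whenChanged
    if ($group.whenChanged -gt $changeCutoff) {
        Write-Warning "$name was modified on $($group.whenChanged); confirm the change was authorized."
    }
    # -Recursive flattens nested groups so indirectly privileged users are included.
    $users = Get-ADGroupMember -Identity $name -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            Get-ADUser -Identity $_.DistinguishedName -Properties PasswordNeverExpires, LastLogonDate, Enabled
        }
    foreach ($u in $users) {
        $flags = @()
        if ($u.PasswordNeverExpires) { $flags += 'PasswordNeverExpires' }
        if ($u.LastLogonDate -and $u.LastLogonDate -lt $staleCutoff) { $flags += "Stale($staleDays d)" }
        if (-not $u.Enabled) { $flags += 'Disabled' }
        [PSCustomObject]@{
            Group = $name
            User  = $u.SamAccountName
            Flags = ($flags -join ',')
        }
    }
}

# Accounts with any flag are candidates for removal or for a least-privilege review.
$report | Sort-Object Group, User | Format-Table -AutoSize
```

Run it on a schedule and diff successive reports; a new row in a privileged group that nobody can account for is exactly the unauthorized change the article says should be monitored.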
A secure AD forms a key part of a zero-trust strategy, and given the increasing AD-related attacks, this might be a good time to review access rights and policies.
Supporting The Changing Needs Of Business
I believe the critical role of AD in IT infrastructure will remain constant. As enterprises look to a hybrid approach, they will need to account for radical changes to the permission model as administrators adjust to handling authentication for a growing array of SaaS applications. These efforts will remain rooted in the effective management of the on-premises AD environment as administrators work to ensure the policies and groups that govern that environment follow them into the cloud.
No matter what this year brings, identity and access management and a secure, well-managed AD should be at the center of supporting the shifting needs of modern businesses.