The COVID pandemic has changed many aspects of IT, including how businesses manage their digital assets. For many organisations, Active Directory (AD) has for many years been a workhorse that could be depended upon when most of their workforce was centrally located, however the move to mass remote working means it’s vulnerable to cyberattacks. Nevertheless, it remains a critical support mechanism for each worker connected to a company’s network, which leaves IT teams in a tricky situation.
According to Gartner, over 90% of businesses and organisations use AD, and it has become one of the most valuable assets they possess. However, as the business environment AD is used to manage has become more complex and geographically dispersed, the way it’s deployed in most organisations must change.
Businesses have also had to re-evaluate and redraw their digital transformation roadmaps to take into consideration how their processes have changed and what this means for their more comprehensive strategic planning. And while bring your own device (BYOD) has long been a security issue for organisations, the upheaval the pandemic has delivered opens a new series of logistical, human resource, and security challenges, as devices – both company and employee-owned – proliferate.
«Active Directory is like the spinal column of an enterprise and it must be closely protected,” explains Matt Lock, technical director at data security firm Varonis. “If an attacker manages to seize control of AD, they effectively hold the keys to an organisation’s digital kingdom and have privileged access throughout the domain, where they can cause serious damage.”
The cloud has played a critical role in enabling businesses to scale and manage digital assets using AD as the primary management hub. However, companies’ current deployments are likely to become fragile and vulnerable to attack; whereas until last year IT departments had a clear sight of each asset within a business and who has what level of access privileges, this view has moved out of focus with the sudden shift to mass remote working.
What’s needed is a new approach beginning with migrating AD to a cloud service. Performing this migration gives businesses a more detailed view of your asset landscape and enables higher levels of security to be deployed and maintained.
AD transformation
For most organisations, asset management pre-COVID was a relatively straightforward exercise in user and device tracking. Now the working and threat perimeter has moved to the homes of their workforce, keeping track of the entire IT estate and ensuring high levels of security are maintained has become much more complex. Migrating AD to the cloud can deliver more oversight and integrated support to users who need this to secure their equipment and network connections.
Dan Conrad, field strategist at One Identity, tells IT Pro: “Since the rollout in 2000, AD has changed significantly and the impact of Zero Trust campaigns will change this further. At its core, AD is an SSO (Single Sign-On) solution designed for an easy user experience by providing easy access to objects. Active Directory and Azure Active Directory (AAD) have changed the game a bit by still providing the good user experience but detaching some of the vulnerabilities. For instance, the idea of joining every corporate system to the AD is no longer necessary. AAD and solutions such as Intune allow management of the systems without the vulnerability that goes with every system being ‘trusted.’”
Many companies see the continued migration of AD to the cloud as the solution to the issues they face managing the array of assets their businesses use. With security front of mind, migrating an AD to a cloud platform can deliver a level of insulation from some cyberattacks.
The holistic approach to managing what could be a diverse range of devices now being used across your business, requires your control and security systems to change. Businesses are increasingly creating domain-joined and BYOD/non-domain-joined systems to give themselves the maximum flexibility with the assets their staff uses, simultaneously delivering a security infrastructure that is more resilient than a simple cloud or on-prem solution.
The business of consumerisation
The threat surface all businesses now face requires a new approach to network management and device security. As early as March 2020, IDC predicted that within two years, over 90% of enterprises worldwide will have a hybrid cloud deployment. As the COVID-19 pandemic took hold, there has been a rush to implement this approach, with businesses being pushed to radically alter how they manage their workforces and the technologies and services they use.
Rajesh Ganesan, vice president at ManageEngine, tells IT Pro: «A cloud-native hybrid IT infrastructure helps organisations respond to change and uncertainty better. That said, even as organisations move to a cloud-first or cloud-dominant approach, it’s important that application, infrastructure, and data security are not compromised.”
Alastair Pooley, CIO of Snow Software, adds: “As we switch to more SaaS applications, you either need to use Azure Active Directory (along with the relevant licenses) or something like Okta to provide that single sign on experience to your staff. Either approach allows you to maintain a corporate directory to control access to resources. It is worth noting that you should re-examine your endpoint security, as traditional group policy (GPO) doesn’t deliver for remote workers. Microsoft’s Defender ATP coupled with Intune is a powerful combination but again you need new licenses to deliver that.”
How your business will manage its human resources and digital assets in a post-COVID-19 environment remains to be seen, as enterprises have yet to make firm plans regarding where the vast majority of their employees will work from. Some workers will return to centralised offices.
However, a high percentage will remain as remote workers. In this scenario, putting place a flexible and secure system to manage your company’s assets is a sensible move. The agility migrating AD to the cloud can deliver is a desirable option. Review your business’s asset management as it stands today. With some realistic forward planning, you will be able to create bespoke asset management protocols that are right for your staff, and the long-term security of your business.