If you are still running Active Directory on-premises in your organization and haven’t evaluated your business requirements lately, it’s time to examine whether Active Directory (AD) on-premises is an asset or a liability.
As SMBs continue to adopt cloud-based solutions such as Azure AD and Mobile Device Management (MDM), whether to keep on-premises infrastructure or move to the cloud becomes increasingly relevant. One area where this is particularly true is identity management. Many businesses still rely on Active Directory (AD) on-premises to manage their user accounts, computers, and other resources. However, with the cloud-based identity solutions today like Azure Active Directory (Azure AD) and OKTA, there are several compelling reasons for small businesses to consider migrating away from AD on-premises and towards a cloud-based identity solution.
“AD is an obvious target, with attackers frequently abusing built-in protocols in the Windows operating system — and AD itself — to achieve their goals with less chance of detection.”
Forbes Small Business (June 7. 2021)
What is Active Directory (AD)?
Active Directory is a technology used by Microsoft Windows operating systems to manage and organize information about resources on a network, such as users, computers, printers, and other devices.
In simpler terms, it is a tool used by IT administrators to control and manage access to resources within a network. For example, Active Directory allows an administrator to create and manage user accounts, set access permissions for files and folders, and apply security policies across multiple computers and servers on a network.
Why is Active Directory becoming a risk?
Two words. Lateral Movement.
Lateral movement in a cyber attack is when an attacker moves from one hacked device to another within a targeted network to gain access to more sensitive information. This is often done to avoid detection and can be prevented by measures such as network segmentation and access controls. It’s dangerous, and here is why:
According to a report by VMware, 25% of all attacks witnessed by respondents involved lateral movement in 2022.
According to Cynet, smokescreen published an article that attackers spend 80% of an attack utilizing lateral movement.
Mandiant found that 96% of lateral movement behaviors did not have a corresponding alert in Security Information and Event Management (SIEM) systems, meaning that organizations were left blind in the face of an attack.
Identify your needs and scale down.
One variation of a saying in the security community is, “The only way to truly secure a computer is to place it at the bottom of the ocean.” We don’t condone polluting the oceans, but you probably get the point. There is no such thing as fully securing a technology asset from wandering minds. However, in the spirit of the above saying, start by identifying if you need the technology you are trying to protect. Our case in point: Active Directory.
Identifying a need for Active Directory On-Premises
We will preface this by saying Active Directory is an extremely complex technology that can take years to fully understand the ramifications of making even minor structural changes. We recommend having an identity expert review your needs and environment to give you a comprehensive review.
At StrataNorth, we have identity experts that can help you identify your need for an on-premises Active Directory, secure it if needed, or help you migrate to a cloud-based identity solution. Contact us today.
That said, there are a few ways to know if you genuinely need your on-premises Active Directory systems or have outpaced them.
- Do you have any on-premises systems that run applications for your business? These would be things like a firewall that authenticates users with their AD account, financial software that lives on a server, or on-premises file servers that require security rights for protection.
- Do you have systems connected with other organizations? Some organizations can be connected with parent organizations, acquisitions, or mergers and have resources in those organizations that may require on-premises systems.
- Do you have a cloud-based identity provider like Azure AD, Okta, or Google Cloud? These systems would be leveraged when migrating away from Active Directory on-premises. They also typically offer services to secure devices, secure users, and host your files. All are hosted securely in the cloud provider’s data centers.
If the first two scenarios don’t apply to your organization, you may have a strong foundation for moving away from on-premises AD. If not, there may be further dependencies to consider when making your final decision, but reducing risk and complexity may not be out of reach. Regardless, having an assessment completed by an identity expert can paint a clear picture of what to expect and the commitment involved. Many assessments can be done only in a few weeks for reasonable costs.
Benefits of Cloud-Based Identity Solutions
There are several benefits of cloud-based identity solutions like Azure AD, OKTA, and Google Workspaces. When deciding where to move your identities and workloads, many variables must be considered. Having an assessment done can help point you in the right direction. Here are some of the benefits:
Cloud-based identity solutions offer enhanced security measures such as multi-factor authentication, identity and access management, and data encryption. This helps protect sensitive data and resources from cyber threats. Services like Microsoft Azure AD or Google Workspaces can offer a centralized identity management platform to help secure user identities across your cloud applications using SAML and SSO.
Increased flexibility and scalability
Cloud-based solutions allow for easy scalability and flexibility to adapt to changing business needs. They can be easily configured and managed, offering automation to ensure optimal performance. Services like SharePoint or Egnyte can allow your employees to access their files securely from anywhere with an easy way to provide more space with a click of a button. Some of these solutions include automation that can help lower manual tasks in your business flow.
Cloud-based identity solutions eliminate the need for expensive on-premises hardware and maintenance, reducing costs and freeing up resources for other business needs. In addition to this is predictable spending. With everything being primarily a per-user or per-device licensing model, you can predict your OpEx and forecast for better spending visibility with fewer surprises.
Cloud-based identity solutions enable employees to access their work resources from anywhere, anytime, using any device with an internet connection. This increases productivity and collaboration within the organization. Services like Microsoft Teams, Zoom and Slack allow employees to collaborate in real time without IT providing the underlying critical services to support that collaboration.
Cloud-based identity solutions provide a centralized platform for managing user accounts, devices, and access controls, reducing the complexity of managing multiple systems and improving visibility into user activities. With services like Intune or other Mobile Device Management (MDM) solutions, you can fully enforce security policies on all your devices from a centralized console without managing the underlying infrastructure.
Active Directory can be a core component of any organization’s security stack, but it can also be a liability. We hope this blog post gave you some insight into how cloud-based identity solutions can help you with your business. While there is a plethora of information here, there can be much more to consider when implementing the strategies mentioned in this article. As each business is unique, so are its security needs and, more importantly, its risks.
How StrataNorth Can help.
If you are ready to transform your business’s security landscape and are looking for experts to guide you, StrataNorth has security consultants with decades of experience. We can help you reach security nirvana and give you a roadmap for success. Reach out for a no-cost, no-obligation chat with a security expert today.