How to Sprint to the Cloud Without Stumbling AKA: Effective IAM for the Hybrid AD Environment

The cloud isn’t coming — it’s here. And the quicker we all get on board, the better off we’ll be, right?!

Digital transformation, IT modernization projects and cost-control initiatives all point to the cloud as the easiest, most flexible and most affordable path to success. But who among us can just drop everything and switch to cloud-based services. If you are one of the few that can, read no further, this blog has nothing for you. But if you’re one of the vast majority who is rapidly adopting cloud technologies, such as Microsoft Azure Active Directory (AAD) while still maintaining a significant investment in on-premises (on-prem) infrastructure…this blog is for you.

To help illustrate the points I am about to make, let’s use Microsoft’s ubiquitous on-prem Active Directory (AD) as our example. Over the past 15 years, AD has grown to be the foundation of most organizations’ critical infrastructure. It is the source of many authentication and authorization actions, and provides users with the access they need to do their jobs. Mostly because of the sheer numbers of users, the applications they need to access, and the security that surrounds them, on prem AD is here for the long haul. But then new, cool opportunities like Office 365 showed up, and good ol’ on-prem AD doesn’t support the requirements for new cloud-based apps and resources. To access them, a new and different directory is required – Azure Active Directory (AAD).

Amid all the hype, a few critical things need to be understood:

  • AAD is NOT, and should not be treated as, a cloud-based version of the on-prem AD
  • AAD and AD each have dedicated and unique administrative interfaces and tools that does not natively interact
  • To give users a seamless experience across the on-prem and cloud worlds, a lot has to go on in the background (synchronization, provisioning, de-provisioning, rights assignment, etc.)
  • Any problems created within AD (such as inconsistencies and mis-assigned rights) are only magnified when synchronized with AAD
  • Administrator rights in AD are unlimited and when misused or fall into the wrong hands pose an extreme danger – the same is true of AAD, but it’s an entirely different credential and can’t be controlled by simply controlling the on-prem AD admin account

So how do we ensure that our hybrid AD environments deliver on their amazing potential, remain secure and enable business rather than get in the way?

One Identity has a long history of helping organizations get AD right and we’re positioned perfectly to extend that experience and knowledge to hybrid AD environments. We have multiple ways to show you how:

We’ve teamed with Windows security expert Randy Franklin-Smith on an in-depth webinar that covers key issues and opportunities of the hybrid environment. Check out the live webinar.

In addition, our AD management and security experts have collaborated on a valuable eBook called The Top Five Ways to Relieve the Pain of Managing Hybrid AD Environments. Get your copy of the eBook here.

And finally if you’ve heard enough already just want to experience firsthand unified management and security for your AD and AAD environments with a single tool, download a free trial of One Identity Active Roles.

And if you happen to be attending the RSA Conference in San Francisco. February 13-17, visit our booth (#3911 in the North Hall) and we’d be happy to demonstrate our newest release Active Roles 7.1 for you.

 

 

Anonymous