Hybrid Directory Security: Don’t Let Threats Multiply like Tribbles


As the 50th anniversary of the Star Trek TV series looms, it’s interesting to think of the wisdom that can be shared from the many voyages of the starship Enterprise as it went “where no man has gone before.” Remember “The Trouble with Tribbles” episode from season two? Seemingly benign aliens reproduced at amazing speed, consuming incredible amounts of food as they took up every nook and cranny of the starship. As a result, these cuddly fur-balls turned into stealthy, ravenous creatures that threatened the mission.

Tribbles in Your Active Directory

The expression “multiplying like Tribbles” is taking on new meaning today as companies move to the cloud at an unprecedented rate. According to Microsoft, 70 percent of Fortune 500 companies purchased Office 365 in a recent 12-month window, making it the company’s fastest growing commercial product ever. On average, about one million O365 subscribers each month are moving on-premises applications, such as Exchange, SharePoint and Lync, into the cloud.

Management tools are more important than ever as IT administrators look not only to maintain and simplify on-prem investments, but also to securely leverage new cloud opportunities. Consider the fact that more than 75 percent of enterprises with over 500 employees that have adopted Azure Active Directory/O365 are keeping their on-prem AD identities and syncing them to Azure AD/O365 as part of a hybrid directory environment. This is because AD has been used for nearly two decades to manage endless apps, servers, workstations, IT processes and users, and these still need to be maintained.

It’s quite common for companies to use on-prem AD as their main source for employee authentication, identity management and access control policies for on-prem Microsoft Office as well as hundreds of custom, line-of-business applications. Yet, as businesses adopt a hybrid AD environment, how do you ensure both your on-prem AD and Azure AD environments are secure?

If on-prem AD is not completely secure, then both Azure AD and Office 365 could be vulnerable to a “Tribble-trove” of potential threats. That’s why it’s essential to have a security methodology that ensures the right people have access to the right resources.

Since a hybrid directory environment is only as secure as its weakest link, the following steps should be taken to fortify all on-prem AD foundations:

Step 1: Continuously Assess Who has Access to What Data

Constantly evaluate permissions as well as the members of privileged and sensitive business groups to ensure the information is accurate and up to date. For example, know who has the ability to back up and restore AD, because these folks hold the keys to the kingdom.

Step 2: Monitor Activity in Real-Time to Detect Potential Security Threats

The key to thwarting insider threats is real-time monitoring and early detection of suspicious activities. That’s why it’s so important to maintain an established security baseline. As soon as an action deviates from this baseline, such as an administrator gaining access to a Payroll Security Group, you can react quickly and decisively to reduce exposure risks.

Step 3: Remediate and Mitigate Risk Exposures

The unfortunate reality is that data breaches are occurring at an alarming rate, so every company should have an action plan for remediating and mitigating risk exposures. Once unauthorized access is detected, for instance, permissions should be changed immediately. By automating security policy enforcement and deploying permission whitelisting across both AD and Windows, you can mitigate the risk of recurrence.

Step 4: Investigate and Recover

In the final step, security baseline information is correlated with fine-grained auditing to provide more detail about why the exposure happened in the first place. Equipped with a 360-degree view—from origination to conclusion—AD administrators can dissect the anatomy of a security incident while expediting a recovery action plan.
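The four steps above are a lifecycle, and the first two can be expressed as a small baseline-and-diff check. The script below is an added example, not part of the original post or the vendor's suite: it snapshots the membership of the built-in groups that can take over or restore the directory (including Backup Operators, the "keys to the kingdom" from Step 1), stores that as the baseline, and on later runs reports any member added to or removed from those groups (Step 2). It assumes the RSAT ActiveDirectory module is installed; the group "Payroll Security Group" and the baseline path are constructed placeholders.

```powershell
# Added example: baseline privileged/sensitive AD group membership and report deviations.
# Assumes the RSAT ActiveDirectory module; group "Payroll Security Group" and the path are placeholders.
Import-Module ActiveDirectory

# Built-in groups whose members can take over or restore the directory, plus one
# constructed business group that should be treated as sensitive.
$WatchedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
    'Account Operators', 'Backup Operators', 'Server Operators',
    'Payroll Security Group'   # constructed example of a sensitive business group
)
$BaselinePath = 'C:\ADBaseline\privileged-groups.xml'   # placeholder location

function Get-WatchedGroupMembership {
    # Returns one row per (group, member) pair; -Recursive expands nested groups,
    # so a user who is privileged only through a nested group is still listed.
    foreach ($g in $WatchedGroups) {
        try {
            Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop | ForEach-Object {
                [pscustomobject]@{ Group = $g; Member = $_.SamAccountName; Class = $_.objectClass }
            }
        } catch {
            Write-Warning "Could not enumerate '$g': $($_.Exception.Message)"
        }
    }
}

$current = @(Get-WatchedGroupMembership)
if ($current.Count -eq 0) { throw 'No group membership could be read; refusing to compare an empty set.' }

if (-not (Test-Path $BaselinePath)) {
    # Step 1: the first run establishes the baseline. A human should review it before it is trusted.
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    $current | Export-Clixml -Path $BaselinePath
    $current | Format-Table -AutoSize
    Write-Host "Baseline written to $BaselinePath; review it before trusting it."
    return
}

# Step 2: compare against the baseline. '=>' rows exist only now (added), '<=' only in the baseline (removed).
$baseline = @(Import-Clixml -Path $BaselinePath)
$diff = Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property Group, Member
if (-not $diff) { Write-Host 'No deviation from baseline.'; return }

foreach ($d in $diff) {
    $kind = if ($d.SideIndicator -eq '=>') { 'ADDED' } else { 'REMOVED' }
    # An ADDED row in a privileged group is the point where Step 3 (remediation) begins.
    Write-Warning "${kind}: $($d.Member) in '$($d.Group)'"
}
```

Run it on a schedule with an account that can read group membership only; re-export the baseline deliberately after each approved change so that the diff stays meaningful.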

Keep Your Goal In Mind

If any damage to data or systems occurred, you’ll need a fast and reliable method for recovering data and restoring the on-prem AD infrastructure. The goal is to minimize the impact on business operations, so it’s essential to have an automated and foolproof recovery solution.

Of course, work isn’t done once the incident is resolved. Ensuring on-prem AD security is a continuous lifecycle, requiring best practices, due diligence and automated tools to speed and support each critical step.

For years, enterprises have relied on our Active Directory Security Suite to protect the integrity of AD infrastructures. Now, as they move to the new frontier of cloud-enabled apps, they’re still relying on our automated AD management tools to bolster the safety and security of hybrid directory environments.

What are you doing to maximize AD infrastructure integrity while avoiding threats that multiply like Tribbles? Connect with me on Twitter at @AlvaroVitta to share how you’re minimizing risk and downtime.