Hi. Today we're just going to give a quick introduction on how to prepare for a destructive cyber attack. Unfortunately, these are becoming more and more common.
A quick recap, though, just to understand what Active Directory means to us as an organization. Basically, the services that we use, the services that we provide our customers-- websites, phone systems, door entry systems, even our manufacturing-- all rely on Active Directory. It is not just an authentication service for users, it is so much more than that. In fact, everything we do depends on it.
The kind of threats that we get, well, we've had natural disasters, of course, but then we have the intentional acts from either people inside or outside our organization, trying to do something with our data or cause harm. We have the side effects from those attacks, because let's face it, the attacker really doesn't care about how they leave the environment at the end of the day. And then we've got the accidental damage. The poor admin, or somebody that's deleted something, or a rogue process that went astray, and we ended up with a bit of a mess, either corrupted data, changed data, deleted data.
So talking of data, what are the targets? Well, yeah, data is one of them. But again, our services. So the attacker may be trying to do a denial of service for us, or they may be trying to compromise a service to gain access to what it holds, or simply as a stepping stone to other customers of ours as we participate in the supply chain. We may not be the target of the attacker, just a means to an end.
It could be an attack against an individual. A manager or a head of an organization, someone may have a grievance against them. Or it could be simply to do as much harm as possible for an organization to stop them functioning, so an infrastructure attack. So deletions, encryptions, corruptions, and misconfigurations all run riot within our environment. How do we recover from that?
Or how do we stop it happening? That's the first question. Well, the problem is, that if you look at all the threats and all the targets and who can do it and what they could do, it's pretty much impossible to predict everything. Therefore, we can't stop it.
We can't put physical blocks in there or software blocks in there to every single thing. We also probably couldn't afford to do it even if we had the time and the ability to predict everything. So we do run through things like trying to analyze what's going on and see what's happening, work out where our vulnerabilities are, see what we can afford to do as an organization without hindering the function of the organization.
But at the end of the day, we are going to have to recover. So when we're considering our recovery, we need to have certain functionality. We need to be able to do enhanced planning.
The recovery process, if you do it manually or with disjointed systems, is complex. It's a 50-step process per domain to recover. So you need to be able to know what your limitations are. Have you got the people trained and skilled to do these recoveries?
If not, then you need to try and negate that requirement for that specialist knowledge. You need to have clear procedures that have to stay up to date, and you need to know what's business critical. Of course, there's no point recovering every domain if half of them don't actually service any function that the business is trying to meet there and then, such as your clients or your manufacturing.
But as we've said, you can't predict what people are going to do or where they're coming from or who they are, so you need flexibility to react at the time to the threat. You also need to be able to respond to your constraints, whether that's personnel or even hardware. And also, the business' demands are changing on an ongoing basis. So you have to be able to respond to those evolving demands.
So given all of that, what we offer within Quest is this flexibility and planning. But we can take you beyond that. Why just use your investment in recovery just for the time when it all goes horribly wrong? In fact, why not use it on a daily basis to get really skilled up with it and understand it? So let us look at ways that we can use the investment in recovery and the functionality that Quest provides to go beyond that just simple recoveries phase.
So we've talked about recovering DCs, but hey, hang on a minute. Why don't we use some of the functionality to allow us to recover consolidate functions? Part of the problem with doing a recovery is the complexity involved in changing configurations. But Quest takes that complexity away. It automatically reconfigures. That allows you to consolidate controllers and functions safely in your environment.
We can then move, of course, because we can do bare-metal or clean OS recovery. So therefore, we can allow you to recover domain controllers to new underlying hardware and get away from those poorly configured or poor performing equipment.
And why not just go all the way off to Azure? Move some or all of your resources or functions to Azure. Avoid that limitation of having to have hardware on-premise. And if you're doing a recovery, we can completely automate that. So why not do that as part of your day-to-day process?
So what we're talking about here is going beyond today's needs and simply meeting what is required. Reorganize and optimize, and transfer and decommission in a safe and easy way without having to worry about major configuration issues that you would have in a manual process.
But actually, that begs the question, wait a minute, we want to practice this. We also need to create labs and understand what's going on. And that's one of the headaches that organizations have, is keeping a lab up to date, or even creating a lab accurately. Because if you're doing it with a manual process or a disjointed multi-tool process, then it is very difficult to achieve.
So Quest has the Virtual Lab creation function within its recovery that allows you to select the components that are important from your live environment. And we reconfigure automatically through the software and provision into a virtual environment a representation of your lab, avoiding the danger of live contamination, making it efficient, making it repeatable. And that means that you can keep it accurate and keep it up to date because you do it very, very quickly.
Now, we talked about on-premise Active Directory. We'd go amiss if we didn't actually also talk about Hybrid Active Directory, because it's something that people seem to forget. Hybrid Active Directory allows you to replicate on-premise Active Directory objects, users, groups, and so on into Azure Active Directory.
But people think that then if they lose Active Directory on-prem, they just simply need to recover and let it replicate up, and we've got everything. But not the case, because, unfortunately, only existing in Azure Active Directory, you will have administrative accounts and cloud-to-cloud accounts. So you're going to have more accounts and groups in there than you have on-premise, guaranteed. You cannot avoid it.
And also, all of those on-premise replicated accounts and those cloud-only accounts are all going to have things like virtual machine access, cloud-to-cloud account joining. You have software as a service program allocations. You have Office 365 allocations, you have licenses, you have security policies, you have shares, you have comms and chats, all associated with those identities in Azure, and those replicated identities and groups in Azure.
The problem is, if you lose Active Directory, you will lose your representation in Azure. But that also means that you will lose all of the associations. And that also goes for if you delete any AD-only objects and groups. So therefore, if you're looking at recovering from on-premise Active Directory into Azure, there's a lot of information you're never going to get back.
And don't think that you can do this with the recovery through Azure either. Because if you do things programmatically or through replication, it doesn't go to the Recycle Bin. Also, many things don't go to the Recycle Bin by default, such as program applications assignments. So you have a great limitation there within Azure for recovery.
However, we've talked about our on-premise recovery previously. We also have our cloud recovery. Now, our cloud recovery allows you to get a 360 view because it communicates and collaborates with on-premise. This means that, with that collaboration, you from a single pane of glass can see what has changed on-premise and in the cloud, selectively decide to restore what you need, which is then replicated up into Azure. And then we automatically restore anything else that is missing of the objects and restore all of the assignments, giving you back your environment.
Thank you very much for this brief introduction to Azure Active Directory, on-premise Active Directory Hybrid, and what you should be considering when you're looking at a recovery solution. Thank you.