Active Directory Operations and Security
As the primary authentication and authorization service for the majority of IT systems, the importance of Microsoft’s Active Directory (AD) cannot be overstated. Over time, AD has grown increasingly complex, less secure, and more difficult to manage, resulting in a growing problem for organizations large and small. Given its importance, AD is usually viewed from two main perspectives: operations and security.
The ultimate goal of an AD operations assessment is to determine what your operational needs are, and then to define actions that need to take place.
The operations perspective starts with an assessment of your Active Directory environment, which is conducted to establish a baseline of operational needs. Think of assessing your environment and establishing a baseline like taking inventory. Your operations team is interested in cataloguing servers, networks, and applications – along with tracking performance metrics, establishing acceptable maintenance windows, etc.
Once your team has a baseline, you need to determine your operational needs. Needs may include monitoring, auditing, backups, and various Active Directory functionalities like AD DS, trusts, and Sites and Services. Knowing your baseline and operational needs makes defining actions easier, as you either automate tasks or perform manual tasks on a defined basis. Over time, your operations become more service-oriented, resulting in higher end-user satisfaction.
The security team’s perspective, on the other hand, is one that seeks to mitigate risk. Active Directory security typically involves vulnerability assessments, privileged account analysis, data protection, and credential abuse mitigation. Security professionals are also interested in the availability of AD, and they are equally concerned with the integrity and confidentiality of the directory’s contents.
Individuals charged with Active Directory security are often tools- and process-driven. As such, they often require third-party AD assessment technology designed to detect abnormal behavior in a veritable ocean of authorization and authentication events. Ultimately, these security professionals are trying to determine whether people are who they say they are and whether they have an appropriate (risk-mitigating) level of access to resources.
Operations and Security: An Amicable Separation?
A debate has been going on about whether security and operations functions should report to the same group within an organization. A recent article by Forbes detailed several opinions as to why the two should be separate, but concerns remain. Frequently it’s the security team that is left out of important company-wide planning because it’s a subcomponent of IT and, thus, often subordinate to operations. This common organizational hurdle can inadvertently open the company up to the very thing it’s trying to mitigate: risk!
The only way that an Active Directory security team can effectively identify and remediate vulnerabilities is to have complete visibility into all components that interact with AD. Since Active Directory is the primary authentication and authorization service for the majority of IT systems, AD’s reach likely encompasses nearly all of your organization’s operational scope and scale. Regardless of organizational structure, however, operations and security must work hand in hand to maintain the availability, integrity, and confidentiality of Active Directory.
Brad Bussie is an award-winning fifteen-year veteran of the information security industry. He holds an undergraduate degree in information systems security and an MBA in technology management. Brad possesses premier certifications from multiple vendors, including the CISSP from ISC2. He has a deep background architecting solutions for identity management, governance, recovery, migration, audit, and compliance. Brad has spoken at industry events around the globe and has helped commercial, federal, intelligence, and DoD customers solve complex security issues.