dcsimg

Securing AD for Hybrid Cloud Environments

  • Securing AD for Hybrid Cloud Environments-

    Restrict Permissions

    Step 4: Restrict permissions at the most likely points of exploitation.

    To avoid breaches from recurring after remediation, companies should deploy the principle of least privilege, a model to further restrict the permissions available for AD tasks and Group Policy Object (GPO) permissions. Mitigation focuses on automated controls at the most conspicuous points of exploitation. This includes externalizing AD permissions and controlling them in a proxy model, enforcing a real-time whitelisting model across AD objects and GPOs, using sequential group memberships coupled with approval workflows to lower risk within permanent memberships, and employing password vaulting to protect service accounts.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8

Securing AD for Hybrid Cloud Environments

  • 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
  • Securing AD for Hybrid Cloud Environments-5

    Restrict Permissions

    Step 4: Restrict permissions at the most likely points of exploitation.

    To avoid breaches from recurring after remediation, companies should deploy the principle of least privilege, a model to further restrict the permissions available for AD tasks and Group Policy Object (GPO) permissions. Mitigation focuses on automated controls at the most conspicuous points of exploitation. This includes externalizing AD permissions and controlling them in a proxy model, enforcing a real-time whitelisting model across AD objects and GPOs, using sequential group memberships coupled with approval workflows to lower risk within permanent memberships, and employing password vaulting to protect service accounts.

Adoption of cloud services has undeniably soared, with Microsoft calling Office 365 its fastest growing commercial product ever, and more than 70 percent of Fortune 500 companies now using at least two different Microsoft cloud services. However, while organizations are actively deploying more cloud applications, they are also keeping on-premises solutions, creating a hybrid environment of both on-premises and cloud-based applications.

To manage employee authentication, identity management and access control policies across hybrid environments, companies often leverage the Azure Active Directory (AD) Connect management tool, which performs a one-way sync from on-premises AD to the online Azure AD. The problem is that on-premises AD does not include the same types of security controls that the cloud-based version does, leaving a big hole in an organization's security program that exposes the business to risk.

In this slideshow, Alvaro Vitta, principal solutions consultant specializing in security at Quest Systems and Information Management, recommends six steps for organizations to strengthen their hybrid directory environment to ensure successful hybrid cloud environment performance.