This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Let’s face it. Individuals with malicious intent are constantly crafting new ways to penetrate your IT environment. One of the most pervasive security threats today is the internal user with excessive privileges and access to critical data. According to the Verizon 2010 Data Breach Investigations Report, 48% of data breaches are caused by insiders and of those incidents, 90% are the result of deliberate and malicious activity.
Small IT teams are tasked with maintaining business services (often dependent on Active Directory), enforcing secure administration practices, and rapidly responding to time-consuming user requests (Gartner, 2010).
The breadth of requirements puts already resource-constrained IT organizations under additional pressure to make contextual decisions about the validity of users’ requests, when in reality, only asset owners have the context necessary to make that decision. As a result, many employees, contractors and partners end up with access to more data than necessary to perform their assigned job. It is this access that creates an increased risk that organizations cannot tolerate.
There are solutions, processes and resources that exist to help you reduce organizational risk, manage identities appropriately, maintain services and do so with allotted resources. As the role of Active Directory evolves and becomes a central component of your infrastructure, consider the following steps to improve your security posture and your ability to facilitate productive business.
* Implement and enforce controls. Active Directory natively lacks the administrative controls necessary to maintain a secure environment. As such, organizations should seek to implement a solution that provides a granular separation of administrative duties. By granularly controlling access, you can more easily ensure that users with elevated privileged access are only granted access to data that is relevant to their job.
* Automate detection and remediation of unauthorized change. Your ability to reduce risk in your organization is dependent on your awareness that an event has occurred, coupled with your ability to remediate or rollback the change. Automating event detection and notification significantly reduces your risk exposure because you know more quickly an unauthorized change or access has been made. Knowing an event has occurred is the first step in reducing risk. The next step is to determine if you approve this activity or if you need to remediate the change.
By automating event detection and notification, you can quickly involve key stakeholders and expedite your ability to assess the risk associated with the unauthorized change. Seek to implement a solution that not only provides you automated notification, but can also automate the rollback process of an unauthorized event if stakeholders deem it necessary. Furthermore, compliance and security teams need the ability to perform forensics to determine the root cause of the incident, so all activity must be captured in audit logs that are securely stored and can be easily accessed.
* Reduce workload while improving adherence to process. To efficiently meet the demands of the business, IT organizations should look for solutions that can automate and standardize some of the most common, routine, and burdensome administrative activities. While many solutions provide automation specific to a single common task, you should seek a flexible tool that can tackle multiple common processes such as user provisioning and de-provisioning, compliance reporting, security checks and ongoing routine maintenance (which includes stale account clean-up). This ultimately reduces workload and improves process adherence across the IT organization.
* Simplify auditing and reporting. Most IT solutions provide native auditing and Active Directory is no exception. However, that native auditing is impossible to read and even more challenging to understand. To improve security and demonstrate compliance, all tools you employ should provide detailed and easy-to-understand auditing and reporting.
Make sure you can capture and present information in a way that is easy for a human to read and shows who performed an activity, what the activity was (including before and after values of a change), when the activity was performed and where the action took place. With this level of detail, it is much easier to perform forensics and generate meaningful reports that demonstrate compliance. Without this information, your IT staff could be forced to dig through hundreds of thousands of audit records when performing forensics after a security event, because activity is typically logged continuously and creates massive volumes of data. Looking for a specific event in that volume of data is like searching for a needle in a haystack.
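The first step above calls for granular separation of administrative duties. The following added example (not from the article or any vendor product) shows the native way to do that: delegating only "reset password" and "unlock account" on the user objects in one OU to a help-desk group, rather than placing help-desk staff in Domain Admins or Account Operators. The OU path and group name are placeholders; the three GUIDs are the well-known schema and control-access-right identifiers.

```powershell
# Added example: least-privilege delegation on an OU instead of broad admin group membership.
# Placeholders: $ouDn and $groupName must be replaced with real values.
Import-Module ActiveDirectory

$ouDn      = 'OU=Staff,DC=example,DC=com'      # placeholder OU to delegate on
$groupName = 'HelpDesk-PasswordReset'          # placeholder delegated group

$group = Get-ADGroup -Identity $groupName
$sid   = New-Object System.Security.Principal.SecurityIdentifier $group.SID.Value

# Well-known AD GUIDs (identical in every forest):
$userClassGuid   = [Guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # "user" object class
$resetPwdGuid    = [Guid]'00299570-246d-11d0-a768-00aa006e0529'  # "Reset Password" control access right
$lockoutTimeGuid = [Guid]'28630ebf-41d5-11d1-a9c1-0000f80367c1'  # lockoutTime attribute (write = unlock)

$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

$acl = Get-Acl -Path "AD:\$ouDn"

# ACE 1: the Reset Password extended right, applied only to descendant user objects
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid, [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    $allow, $resetPwdGuid, $inherit, $userClassGuid)))

# ACE 2: write lockoutTime on descendant user objects (what "Unlock account" actually needs)
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid, [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
    $allow, $lockoutTimeGuid, $inherit, $userClassGuid)))

Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Verification: list exactly what the delegated group can now do on this OU.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.IdentityReference -like "*\$groupName" } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType |
    Format-Table -AutoSize
```

The verification output is the evidence you would keep for auditors: it shows the group holds two narrowly scoped rights and nothing else, which is the "only the data relevant to their job" property the article asks for.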
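The third step mentions stale account clean-up as a routine task worth automating. This added example (mine, not the article's or any product's) reports inactive, still-enabled user accounts first and only disables them, with a reversible description stamp, when run with -Apply. It relies on lastLogonTimestamp, which replicates with up to a 14-day lag, so the threshold is kept well above that; the report path is a placeholder.

```powershell
# Added example: stale-account report and reversible disable (not delete).
# Placeholder: $reportPath. Run without -Apply to report only.
param(
    [int]$InactiveDays = 90,
    [switch]$Apply
)
Import-Module ActiveDirectory

$reportPath = 'C:\Reports\stale-accounts.csv'   # placeholder output location
$cutoff     = (Get-Date).AddDays(-$InactiveDays)

# Search-ADAccount -AccountInactive evaluates lastLogonTimestamp, which replicates
# lazily (up to ~14 days), so use a threshold comfortably above that.
$stale = Search-ADAccount -AccountInactive -TimeSpan ([TimeSpan]::FromDays($InactiveDays)) -UsersOnly |
    Where-Object { $_.Enabled } |
    Get-ADUser -Properties LastLogonDate, whenCreated, Description |
    # Skip accounts created recently that simply have not logged on yet.
    Where-Object { $_.whenCreated -lt $cutoff }

# Always produce the human-readable evidence before touching anything.
$stale |
    Select-Object SamAccountName, DistinguishedName, LastLogonDate, whenCreated, Description |
    Sort-Object LastLogonDate |
    Export-Csv -Path $reportPath -NoTypeInformation
Write-Host "$($stale.Count) inactive enabled accounts written to $reportPath"

if ($Apply) {
    $stamp = "Disabled $(Get-Date -Format 'yyyy-MM-dd') by stale-account job (inactive > $InactiveDays days)"
    foreach ($u in $stale) {
        # Keep the original description so the change can be reversed later.
        $newDesc = if ($u.Description) { "$stamp | was: $($u.Description)" } else { $stamp }
        Disable-ADAccount -Identity $u
        Set-ADUser -Identity $u -Description $newDesc
        Write-Host "Disabled $($u.SamAccountName)"
    }
}
```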
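The second and fourth steps together ask for automated detection of unauthorized change, notification of stakeholders, the option to roll the change back, and records that show who, what, when and where. This added example (mine, not the article's or any product's) implements the minimum native version against privileged-group membership: it reads the relevant Security events from a domain controller, emits who/what/when/where rows, alerts on watched groups, and provides a rollback function that stakeholders can invoke. It assumes "Audit Security Group Management" is enabled on the DCs; the DC name and mail settings are placeholders.

```powershell
# Added example: detect additions to privileged groups, report who/what/when/where, and offer rollback.
# Placeholders: $dc, $reportPath, and the Send-MailMessage parameters.
Import-Module ActiveDirectory

$dc         = 'DC01'                               # placeholder domain controller
$reportPath = 'C:\Reports\group-changes.csv'      # placeholder output location
$watched    = 'Domain Admins','Enterprise Admins','Schema Admins','Administrators'
$ids        = 4728, 4732, 4756   # member added to global / domain-local / universal security group

$events = Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Security'; Id = $ids; StartTime = (Get-Date).AddHours(-24)
}

# Flatten each event's EventData into the four questions an auditor asks.
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        When    = $e.TimeCreated
        Who     = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
        What    = "added $($d.MemberName) to $($d.TargetUserName)"
        Where   = $e.MachineName                # the DC that processed the change
        Group   = $d.TargetUserName
        Member  = $d.MemberName                  # distinguished name of the added account
        EventId = $e.Id
    }
}
$rows | Export-Csv -Path $reportPath -NoTypeInformation

# Notify on changes to groups that should never change without a ticket.
$alerts = $rows | Where-Object { $watched -contains $_.Group }
foreach ($a in $alerts) { Write-Warning "$($a.When) $($a.Who) $($a.What) on $($a.Where)" }
if ($alerts) {
    $body = ($alerts | Format-Table When, Who, What, Where -AutoSize | Out-String)
    # Send-MailMessage -To 'secops@example.com' -From 'ad-audit@example.com' `
    #     -SmtpServer 'smtp.example.com' -Subject 'Privileged group change' -Body $body   # placeholders
}

# Rollback hook: remove the member again once stakeholders reject the change.
function Undo-GroupAdd {
    param([Parameter(Mandatory)]$Row)
    Remove-ADGroupMember -Identity $Row.Group -Members $Row.Member -Confirm:$true
}
```

Undo-GroupAdd itself generates a 4729/4733/4757 removal event, so the rollback is recorded with the same who/what/when/where detail as the original change.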
While Active Directory plays an integral role in enterprise IT, most infrastructures comprise multiple flavors of UNIX, Linux, Mac, VMware ESX and other systems and applications. These various platforms present similar challenges with respect to control, change detection, administrative burden and compliance. Consider leveraging the controls you instituted in Active Directory to control and secure your heterogeneous computing environment.
Leveraging Active Directory as your single source for authentication and authorization across the heterogeneous computing environment enables you to eliminate the burden of administering multiple identities. It also enables you to standardize security controls and policy across computing platforms, which auditors and security teams will appreciate.
Your role as a facilitator of productive business depends on your organization’s ability to efficiently administer and effectively secure your computing environment. To do so, go beyond the native capabilities provided by Active Directory and your other systems by instituting controls, auditing activity and offloading common administrative tasks to automation.