What is Zero Trust Security? Zero Trust is a security model that is built on the hypothesis that threats exist both inside and outside your network, and therefore, aims to eliminate the concept of trust from an organization’s network architecture. Its implementation centers on strict access controls (without trusting anyone by default), which translates into…
Active Directory has become a popular pathway for ransomware attacks. Take a deep dive into the exploitation tactics for proactively implementing preventive measures and disrupting threat activity. Active Directory (AD) is an on-prem identity management product that holds a plethora of identity-related information. About 90 percent of Fortune 1000 companies use Active Directory as a…
Current research regarding cyberattacks shows that hackers target Groups in Active Directory, Azure AD and Office 365. Why are groups so attacker-friendly? The CrowdStrike 2019 Global Threat Report discusses how long it takes for attackers that have compromised a single endpoint to move laterally within your network. The Russians have the best average time at a little…
There has been a lot of talk over the past few years on Just In Time provisioning. That is, using an SSO (Single Sign On) platform to create nearly real-time accounts in web-based applications the first time they are used. This increases productivity and reduces the amount of work required for IT workers to create…
The delegation of directory administration to those outside of IT is a concept whose time has come. But it can’t be done hap-hazardly; IT needs to define what is being delegated and to whom. We’re at a point in the evolution of our industry that two truths have come to fruition: IT no longer has…
Azure AD Gets on the Group Expiration Bandwagon I recently wrote about the need for group expiration as part of a comprehensive lifecycle approach to group management. It’s a necessary step, given the life of group objects in any of the directories you manage won’t last forever. The only exceptions, generally, lie around built-in administrative-type…
The shift to the cloud has many organizations focused on the productivity features available in a given cloud suite. And M365 is no exception. There’s a long list of applications in M365 – a list that’s continually growing. But, Using M365 isn’t just about productivity; it’s also about security and control for IT. And, like…
At the core of every environment that is designed to make people productive is the need “under the hood” to be able to establish what users of that environment can do, what they can access, and – in many cases, how they can easily communicate with other users. The long-standing methodology (with a few exceptions…
Directories, How Many Are You Really Managing? Directories came from a simpler time – one where a single, on-premise directory was enough. But recent shifts in how businesses leverage technology – such as the digital transformation, and the move to cloud-based applications and infrastructure – have given way to use of SSO (link), concepts like…
In my last article, I introduced the merits of using Single Sign-On within your organization. In it, I discussed the possible security gaps that can multiply as you, in essence, extend your on-prem directory service to include multiple directories. And, while there are security benefits for using SSO – centralized policies and administrative work (which…