Zero Trust for IAM: Privileged Security for AD

Hi, I'm Megan Pennie, a member of the team here at One Identity. Today we're talking about privileged security for Active Directory, AD, Zero Trust, what that means, and why it's important for nearly every organization, including yours. Let me show you some numbers that highlight the risks that are facing many organizations today to help explain why you need to focus on this privileged access issue. 95% of Fortune 1,000 companies rely on Microsoft Active Directory and Azure Active Directory as their primary method for authentication and access management. So it makes sense that AD is a primary target of attackers when they want to compromise your data and steal from you. What makes it worse is that the native management tools that come with AD are lacking in adequate capabilities for admin accounts. Forester estimates that 80% of all data breaches involve the compromising and misuse of admin privileges. This means that managing your privilege security is essential to your security posture, especially as it pertains to hybrid AD. And this should be a top priority for you. A recent One Identity survey showed that IT professionals said that 88% find managing privileged passwords a challenge for them. 86% said that they do not change the privilege passwords after each use. And, unbelievably, 40% say they do not change the default admin passwords on their critical systems. With cyber criminals honing in on AD and Azure AD, you must effectively and securely grant administrator access. And if you don't, you expose your organization to security and compliance risks. So, why is this so difficult? Well, with the ever changing threats landscape, with lurking threats everywhere, the visibility and control necessary to fight it is lacking, leaving administrators quite frustrated with the challenges and hoops they have to jump through just to fend off those lurking threats, and work securely. Also, the Azure Active Directory and Active Directory admin accounts are all powerful, and are used every time a directory or user accounts needs updated or modified in some way. So this admin account is like a ring of keys with shared credentials that's often passed around, in a proverbial way. And that individual accountability is lost. So there's zero accountability, but increased overhead to manage those directory settings in both AD and Azure AD. But there is hope. It is possible to secure AD and Azure AD, and the right approach is a holistic one. There are two proven methods to securing and implementing a security approach for hybrid AD environments. The first is Zero Trust, where you eliminate the sharing of admin passwords and authenticate uniquely, dynamically, and specifically for every administrator action. The credential is checked out. Just taking, for example, one of those keys on the ring and giving it to one specified person for, perhaps, a specified purpose and specified period of time. The second is least privilege, where you don't want to have to issue the admin credential every time an admin needs to do their job. The day to day stuff. You can delegate permissions in this least privileged model that allows you to give each admin just the permissions they need. Nothing more, and nothing less. Now, just knowing who has access is not enough. You need the assurance that they're doing the right things with the permissions that they have. So no privileged access security program is complete without session audit that monitors the activities, and takes automatic action should unusual or risky behaviors occur. And it's always a good idea to use an additional layer of security for admin access with multi-factor authentication for any administrative action, whether it's least privilege, or Zero Trust. So a complete end to end privilege security for AD program enables you, not only to be secure, but also to preserve admin productivity, mitigate risks, simplify compliance, and defend against breaches. This type of approach to public security for AD keeps the bad guys out, and allows your business to move forward. Active roles provides the least privileged access for AD and Azure AD admins. And safeguard provides the Zero Trust. Combined in this One Identity solution, active roles will initiate a workflow. And that can launch a safeguard credential issuance and session audit that is automatic and doesn't have any IT lag in performance, so admins can continue to work the way they always have. All of the security, and none of the pain. One Identity has the most comprehensive privilege security for AD offering. To learn how you can get privilege security for AD right, go to oneidentity.com.