The ubiquitous use of Microsoft Active Directory (AD) and Azure AD (AAD) in 95 percent of the global Fortune 1000 companies makes them the primary target of cyberattacks. Now, as more and more organizations integrate their Privileged Access Management (PAM) into their AD strategy, it is even more important that AD is secure, particularly for privileged accounts.
Unfortunately, privileged access is often inadequately managed. Some of this is due to formerly common practices, such as admins using shared credentials to access certain critical resources or not even updating the default password for devices and systems.
However, there is hope. It is possible to secure AD and AAD privileged accounts. The right approach is a holistic one. There are two proven methods for implementing PAM in hybrid AD environments:
- The first is Zero Trust, where you eliminate the sharing of admin passwords and authenticate uniquely, dynamically and specifically for every administrative action. When needed, the credential is checked out with all the right approvals, perhaps only for a specified purpose or even a specified time period.
- The second is Least Privilege. You don’t want to have to issue the admin credential every time an admin needs to do their job. For the day-to-day stuff, you can delegate permissions in a Least Privilege model, giving each admin only the permissions they need – nothing more, nothing less.
This area is where AD can help secure privileged access. When combined with next-gen capabilities, such as those delivered by One Identity Active Roles and One Identity Safeguard, you can dramatically reduce your potential attack surface and bring individual accountability and compliance to your privileged access program.
It is critical to protect against AD/AAD-targeted security threats and provide visibility and control over privileged access – while also satisfying the need to improve hybrid administrative efficiency and reduce errors.