For most IT organizations, using Microsoft® Active Directory® is often a default choice. For almost 20 years now, there hasn’t been a viable alternative to the legacy directory services solution. As traditional security methods shift to the new Zero Trust Security model, is Active Directory the right solution to take organizations forward? In this article, we’ll discuss Active Directory and Zero Trust Security.
It is critical to start the discussion by defining Zero Trust Security, and exploring why it is an important security approach for IT organizations.
What is Zero Trust Security?
The premise of Zero Trust Security is that all IT resources (and users) are untrusted. Only after they have been challenged appropriately can they be trusted, assuming they have passed those challenges. This is largely diametrically opposed to the perimeter security model, where IT resources and people are considered safe on the inside of the network, and insecure on the outside. Traditionally, the internal network was created by Microsoft Active Directory (AD) as the domain controller on-prem, secured by using firewalls and VPNs.
Of course, the modern world we live in doesn’t work this way. End users are working from home and on the road with a variety of compute devices, in addition to accessing IT resources not hosted internally. Add to that the constant announcements of data breaches and compromises, and it is clear that the existing security model doesn’t work. In short, there is no internal network and network perimeter, but rather a fluid Internet where users hop on and get work done, hopefully securely.
The Rise of Zero Trust
Understanding the realities of how modern users work and organizations function, along with the reality of security and compliance requirements, the Zero Trust Model emerged as a different approach to building and running modern networks. Every interaction would be required to build trust. The concept of joining a domain and being on the ‘inside’ with safety wouldn’t exist.
For most IT organizations, Active Directory has been the identity management standard, along with the concept of the domain. IT admins connect their users to (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/active-directory-zero-trust-security/