Active Directory® without a Domain

Is there any value to Active Directory® (AD) without a domain? While that may seem counterintuitive at first blush, the answer is yes, there is a tremendous amount of value in that proposition. There is one caveat, though: that’s not how Microsoft® AD really works. Before we dig in to why the concept of Active Directory without the domain is an interesting thought, we should take a step back and evaluate the current IT landscape. Doing so will allow us to uncover what exactly is driving the questions around domainless Active Directory.

Tools Existing Outside of the Domain

With the introduction of the cloud and non-Windows® resources into IT environments, the bedrock of what used to make up IT networks has shifted. The introductions of cloud infrastructure from AWS®, web applications (Slack, Salesforce®), macOS® and Linux® systems, WiFi, non-Windows file servers, G Suite™ / Office 365™, and more has forced IT admins to look for new approaches to manage their heterogeneous and dispersed infrastructure. Couple that with an intense focus on security because of what feels like daily breaches in the news, and a new operating and security model is required. That is, a security model that regards all sources of network traffic as a potential threat.

Zero Trust, Zero Domain

The security architecture we’re talking about is Zero Trust Security. With a model implementation by Google called BeyondCorp™, Zero Trust Security is having a ripple effect throughout an organization’s IT infrastructure. And, perhaps the most critical impact has been on the identity provider and domain concept. Zero Trust Architecture starts with the idea that everything on the network is untrusted and there is not a network perimeter. In other words, there is no internal domain that is “safe” and an external realm that is “unsafe.” As a result, this approach to security has forced many IT organizations to question the domain altogether. They want to know if they can still manage user access to IT resources without the domain, which is how we come full circle.  

(Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Ryan Squires. Read the original post at: