The IT security movement has been shapeshifting again, and IT pros everywhere are looking to find a bridge over troubled water. It’s their responsibility to connect the dots between tools like Azure® AD DS and Zero Trust Security in order to shepherd their organizations and end users safely across to dry land.
For many years, there were specific models and static approaches that IT organizations used to surround and protect their company digital assets. Most notably, you might remember there was a defense in-depth approach that was sometimes referred to as layered security. Now, however, a new model known as Zero Trust Security is rising to meet the incoming tide of cyber threats.
Does Microsoft® Understand Zero Trust?
With the focus on Microsoft® Azure specifically, and its related services such as Azure AD DS (Active Directory Domain Services), many IT admins are trying to understand where Azure AD DS leaves them in regards to Zero Trust Security.
The Zero Trust Security model is founded on several core assumptions, the main of which explicitly states that everything and everyone is untrusted by default. It’s not personal—it’s just modern cyber security. Once trust is verified by triangulating the user’s identity through a variety of measures, permission to access or connect to the necessary IT resources is granted. It’s no exaggeration to say this model fundamentally has changed the approach that IT admins take to securing their networks, from the inside out.
As Microsoft starts to shift their entire base of customers to the Azure platform, a key part of that migration is the identity and access management (IAM) solution, Azure AD DS. Unfortunately, this isn’t as straightforward as IT admins may think. Azure AD simply isn’t a replacement for the on-prem Active Directory® platform, and instead, Azure AD acts as a complementary tool to on-prem servers. For Azure related services, Azure AD DS provides a domain where users can log in and then subsequently have access to whatever they need within Azure using specific rights established in the domain.
Needing an Alternative to Azure AD DS
If IT (Read more...)