wonderfully unique software solutions

Five tips for practising ‘zero trust’ in Active Directory

Define the surface to be protected, map transactions, architect the network, create policy and then implement monitoring of traffic, accounts and data — those are key steps to a ‘zero trust’ strategy even in Active Directory environments, according to Lepide.

Aidan Simister, writing for the data security platform provider, said that developing full understanding of who and what should have access to a resource, its location and how or why it is used, remains important.

“You must ensure that you are monitoring all events relating to the way your user accounts and sensitive data are being accessed and used,” Simister said.

The Microsoft Active Directory environment that stores information about objects on the network and exposes this information for administrators and users qualifies as a critical resource which must be protected, he says.

That means looking at solutions that can scan repositories wherever they are and automatically classify data according to a chosen schema. And never mind passwords — ‘zero trust‘ means not even administrators and admin-level privileges can be ignored.

“When an admin account requires elevated privileges, for whatever reason, they must be granted what is called just-in-time access, where access rights are temporarily granted and then revoked as soon as they are no longer required,” Simister said.

Simister suggested adopting a multi-factor authentication solution that integrates with Active Directory and warns users not to automatically authenticate on-prem users with Azure.

“The policy is to never trust, always verify. As such, you would be better off asking your employees authenticate themselves each time they need access to a critical resource,” Simister said.

That also meant monitoring all access to sensitive data of any kind. While it is theoretically possible to manually scrutinise server logs for suspicious activity, this is likely a slow, painful and error-prone process.

“A better approach would be to adopt a dedicated real-time auditing solution which will display a summary of important events via a single dashboard,” Simister said.

Most sophisticated offerings today use machine learning models to automatically detect and respond to anomalous user activity with real-time alerts sent to an inbox or mobile device, he added.

“Modern IT environments are a lot different from 15 or so years ago. They have become more distributed and dynamic, with employees accessing their corporate network from various locations and devices,” Simister pointed out.

Read the full blog post.

( Photo by Kristin Wilson on Unsplash )

Recent Articles

Octopus Deploy follows Codefresh buy with 2024.1 Server

Continuous delivery (CD) pipeline platform vendor Octopus Deploy has acquired fellow development software specialist Codefresh and rolled out a new version of...

Top-25 cloud list runs gamut from Visma to Cloudflare, Wasabi to Azul

The Software Report market insights website has named 25 software companies as the top companies in cloud computing for 2024, offering specific...

TeamViewer partners Deloitte on digital visuals for warehouse logistics

Deloitte and TeamViewer have combined the latter's augmented reality (AR) based visual picking offering with SAP Extended Warehouse Management (EWM) for warehousing...

Hornetsecurity expands M365 cloud security offer with Vade deal

Cloud email security provider Hornetsecurity has added a partnership with Vade, increasing focus on answering data sovereignty requirements with best-in-class cloud, compliance...

Cross-browser testing provider BrowserStack named Microsoft ‘partner of choice’

Software testing platform provider BrowserStack has announced a strategic partnership with Microsoft to support Visual Studio App Center users transitioning to BrowserStack...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox