As the COVID-19 pandemic spread, efforts to contain it included forcing organisations to shift large parts of the workforce to remote working. This raised issues around remote secure access to resources stored either in the cloud or in the data centre.
A 2020 global study of 1,216 global IT security professionals by Dimensional Research, commissioned by One Identity, revealed barriers to zero trust adoption across 10 markets worldwide, including Australia, Hong Kong and Singapore. The study is focused on the use of Microsoft Active Director (AD) and Azure Active Directory (AAD).
An Active Directory is an umbrella title for a broad range of directory-based identity-related services. In its simplest term, an Active Directory is a live directory or database that stores user accounts and their passwords computers printers file shares security groups and their respective permissions.
The study noted that 48% of respondents stated that granting and revoking access through AD and AAD has proven to be more important than ever, further revealing that companies use AD/AAD as the part of their identity management programmes.
Adoption trends by industry
However, the migration to AAD is slow going, with companies operating in various stages of AD/AAD migration. Only 8% of companies globally have fully moved to AAD, with only 9% planning to do so in the next year.
The study also showed that the higher education industry has lagged the most with only 4% fully adopting AAD – but there is not much progress across industries as a whole, with only 6% cent in the healthcare industry and 12% of government agencies.
Rapid changes in AD/AAD cause for concern
The rapid shift to remote work in 2020 also led to a dramatic increase in cloud adoption. This has raised security concerns.
For instance, storing access credentials in the cloud is a concern by nearly all respondents with Hong Kong (91%) reporting the most concern although not much further compared to Singapore (87%) and Australia (86%).
Though the shift to remote work highlighted security challenges for businesses, it also brought renewed confidence to IT practitioners. For example, 61% of respondents in Singapore stating they are more confident in their organisation’s identity management programme and management of privileged accounts, as a result of COVID-19.
Zero Trust adoption trends
At a recent CXOCIETY virtual roundtable on “Architecting a Scalable Trust Strategy” participants acknowledging familiarity with zero trust as a security concept also admitted to difficulty selling the idea to leadership.
Managing and securing AD and AAD with a dynamic Zero Trust approach is critical to success and can help businesses improve their overall security posture to address the reality, as evidenced in other studies, that show 80% of breaches involve compromised or weak administrative credentials.
Given the unique challenges of the sudden shift to remote work amidst COVID-19, businesses should look toward integrating AD/AAD with a strong privileged access management (PAM) solution in order to harness the full value of AD and AAD, dramatically increasing the security of their IT environments.
“With 95% of global Fortune 1000 companies relying on Active Directory to manage their users’ access, and the swift move toward Azure and cloud adoption, it becomes a natural starting point for businesses looking to implement a Zero Trust security model,” said Bhagwat Swaroop, president and general manager, One Identity.
He cautioned that AD by itself is not equipped to meet the standards of Zero Trust architecture, and it lacks the ability to store, issue and manage privileged credentials as seen in traditional privileged access management (PAM) solutions.
“To simplify AD’s challenges, companies need to invoke zero-standing-privileges by combining a strong PAM strategy and technology with their AD management and workflow programme in order to create the Zero Trust model they critically need,” he continued.
Serkan Cetin, technical director, APJ, One Identity, added that whilst it has always been important to protect sensitive data, the events of the past year and work environment changes have increased the visibility and priority of cybersecurity for all organisations. Moving forward, organisations need policies that can secure a hybrid workforce using Zero Trust architecture principles.
With adoption of Zero Trust framework becoming a major focus for enterprises, “having a strong strategy for managing privileged access, combined with effective AD management, is the key to strengthening security posture against potential attacks and unlocking business value,” Cetin concluded.