Rethinking Active Directory security

In the wake of a cyberattack, Active Directory is sometimes dismissed as just another service that needs to be recovered, and security is an afterthought. But the hard reality is that if Active Directory is compromised, so is your entire environment.



90% of organizations use Active Directory as their primary store for employee authentication, identity management, and access control. Today, it’s becoming more common for organizations to take a hybrid approach to identity and focus on the cloud interdependencies and complexities that result. But it’s important to understand that cloud identity still depends upon the integrity of on-premises Active Directory.


Since Active Directory is used as a source from which to sync to other identity stores, any tampering with Active Directory can cause a devastating ripple effect across your identity infrastructure. It’s a common scenario that often catches security leaders off guard.


Active Directory and the insecurity ripple effect


A change made within on-premises Active Directory by an attacker can provide access to much more than just local resources. An attacker can, for example, make a compromised on-premises user account a member of a Sales group in Active Directory. This group would likely provide access to on-premises systems, applications, and critical data.


But because Active Directory often federates with cloud applications via an external identity provider (IdP), e.g., Azure AD, it’s reasonable to assume that this same change in membership could allow access to a cloud-based CRM environment (like Salesforce), customer data (hopefully limited to the breached account, but more likely extending to the organization’s entire data), and other resources.
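
One way a defender could watch for the ripple described above, as an added example that is not from the original article: it flags member additions to on-premises groups that also grant cloud access. The group-to-application inventory, account names and sample events are constructed assumptions; the event IDs are the Windows Security events logged when a member is added to a security-enabled group.

```python
# Windows Security event IDs for "member added" to a security-enabled
# global (4728), local (4732) or universal (4756) group.
MEMBER_ADDED = {4728, 4732, 4756}

# Assumption: defender-maintained inventory of on-premises groups whose
# membership is synced or federated to cloud applications (constructed names).
CLOUD_MAPPED_GROUPS = {"sales": ["cloud CRM", "customer data"],
                       "finance": ["cloud ERP"]}

# Assumption: accounts expected to change group membership (constructed).
APPROVED_ACTORS = {"svc-idm-provisioning"}

# Constructed sample records, shaped like exported Security log events.
SAMPLE_EVENTS = [
    {"EventID": 4728, "TimeCreated": "2024-01-10T02:14:07Z", "TargetUserName": "Sales",
     "MemberName": "CN=jdoe,OU=Staff,DC=example,DC=test", "SubjectUserName": "helpdesk07"},
    {"EventID": 4728, "TimeCreated": "2024-01-10T09:00:31Z", "TargetUserName": "sales",
     "MemberName": "CN=asmith,OU=Staff,DC=example,DC=test", "SubjectUserName": "svc-idm-provisioning"},
    {"EventID": 4732, "TimeCreated": "2024-01-10T09:05:12Z", "TargetUserName": "Printers-Floor2",
     "MemberName": "CN=jdoe,OU=Staff,DC=example,DC=test", "SubjectUserName": "helpdesk07"},
    {"EventID": 4624, "TimeCreated": "2024-01-10T09:06:00Z", "TargetUserName": "jdoe"},
    {"EventID": 4756, "TimeCreated": "2024-01-10T09:07:45Z", "TargetUserName": "Finance",
     "MemberName": "CN=jdoe,OU=Staff,DC=example,DC=test", "SubjectUserName": "jdoe"},
]


def ripple_alerts(events, mapped=CLOUD_MAPPED_GROUPS, approved=APPROVED_ACTORS):
    """Flag member additions to groups whose membership reaches the cloud."""
    alerts = []
    for ev in events:
        if ev.get("EventID") not in MEMBER_ADDED:
            continue
        group = ev.get("TargetUserName", "")
        # AD group names are case-insensitive, so match on the case-folded name.
        apps = mapped.get(group.casefold())
        if apps is None:
            continue  # group has no known cloud reach; out of scope here
        actor = ev.get("SubjectUserName", "")
        alerts.append({
            "time": ev.get("TimeCreated"), "group": group,
            "member": ev.get("MemberName"), "actor": actor,
            "cloud_reach": apps,
            # Additions by anyone other than an approved actor rank higher.
            "severity": "low" if actor.casefold() in approved else "high",
        })
    return alerts


if __name__ == "__main__":
    for alert in ripple_alerts(SAMPLE_EVENTS):
        print(alert)
```

The value of the check depends on keeping the group-to-application inventory current, since a group missing from it produces no alert.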


In many cyberattacks it’s more complex than the example above, where it’s necessary to gain elevated privileges via one account only to compromise a second, th ..
