BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Webcast Recap: Leveraging Active Directory as a Unified Identity Store with Microsoft MVP, Darren Mar-Elia

Posted May 29, 2014    Chris Burd

darren-mar-eliaWith over 15 years of history, Active Directory (AD) is the original source of authentication and authorization as a service, providing businesses with a trusted way to consolidate and manage identity. But how and why companies use AD – from an OS directory to an identity store – has constantly evolved.

BeyondTrust recently partnered with Darren Mar-Elia, Microsoft MVP and Contributing Editor at Windows IT Pro Magazine, for a webcast discussing the advantages and history of consolidating identity on AD. Below are key takeaways from the webcast, followed by an on-demand recording of the presentation.

Active Directory to control access to corporate resources

Mar-Elia notes that, while we may prioritize different aspects of the IT environment today, the main purpose of AD hasn’t changed much over the years. In most enterprise environments, AD is vital in authenticating users (via Kerberos) and controlling access to company resources (think SharePoint and mailbox access).

As the IT industry develops, AD provides greater ongoing control over access to corporate resources such as Windows desktops and servers and Linux/UNIX servers, not to mention applications that run on a variety of platforms like Sharepoint, Weblogic Java, and NAS appliances. The result is the use of AD as the de facto standard for identity in the enterprise, regardless of which device is connected.

Active Directory to reduce your identity footprint

As controlling access and provisioning and de-provisioning become more critical, IT teams place more importance on consolidating the identity stores they need to worry about. But since, for many companies, AD is just one of many identity stores and meta-directories, it’s not always being used to its fullest potential.

In order to protect your data, you need to be able to easily track who has access to which resources. Consolidating identity into AD allows you to reduce the number of directories to synchronize, thereby organizing and reducing your identity footprint. It also reduces the number of places you need to audit and monitor for authentication and authorization, as well as the points of control for provisioning and de-provisioning. Finally, it provides the ability to leverage the same tools you use for managing AD for managing authentication and authorization for most of your IT resources.

AD as a single platform to audit the use of authoritative data makes your life easier – auditing access, changes, and usage across all platforms becomes a matter of collecting and reporting on AD security logs. To improve your internal security processes, consolidate your identity stores and use AD for reporting and auditing. From authentication and authorization for users, to applications for monitoring a variety of platforms, AD can provide a single “source of truth” for identifying people and their functions despite organizational changes.

> Learn about BeyondTrust’s solutions for Active Directory Auditing and Recovery
> Download a PDF overview of our Active Directory Auditing and Recovery solutions

Tags:
, , , , , , ,

Leave a Reply

Additional articles

Sudo_logo

Don’t Create a Different sudoers File for Each System

Posted May 20, 2015    Randy Franklin Smith

What if you have multiple Linux and/or Unix systems? Sudo management can become onerous and unwieldy if you try to manage a different sudoers file on each system. The good news is that sudo supports multiple systems.

password-safety

What Does Microsoft Local Administrator Password Solution Really Do?

Posted May 19, 2015    Morey Haber

LAPS is a feature that allows the randomization of local administrator accounts across the domain. Although it would seem that this capability overlaps with features in BeyondTrust’s PowerBroker Password Safe (PBPS), the reality is it is more suited for simple use cases such as changing the local Windows admin account and not much more.

Tags:
, ,
webinar_ondemand

On Demand Webinar: Securing Windows Server with Security Compliance Manager

Posted May 14, 2015    BeyondTrust Software

On Demand Webinar: Security Expert Russell Smith, explains how to use Microsoft’s free Security Compliance Manager (SCM) tool to create and deploy your own security baselines, including user and computer authentication settings.

Tags:
, ,