Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Webcast Recap: Leveraging Active Directory as a Unified Identity Store with Microsoft MVP, Darren Mar-Elia

Posted May 29, 2014    Chris Burd

darren-mar-eliaWith over 15 years of history, Active Directory (AD) is the original source of authentication and authorization as a service, providing businesses with a trusted way to consolidate and manage identity. But how and why companies use AD – from an OS directory to an identity store – has constantly evolved.

BeyondTrust recently partnered with Darren Mar-Elia, Microsoft MVP and Contributing Editor at Windows IT Pro Magazine, for a webcast discussing the advantages and history of consolidating identity on AD. Below are key takeaways from the webcast, followed by an on-demand recording of the presentation.

Active Directory to control access to corporate resources

Mar-Elia notes that, while we may prioritize different aspects of the IT environment today, the main purpose of AD hasn’t changed much over the years. In most enterprise environments, AD is vital in authenticating users (via Kerberos) and controlling access to company resources (think SharePoint and mailbox access).

As the IT industry develops, AD provides greater ongoing control over access to corporate resources such as Windows desktops and servers and Linux/UNIX servers, not to mention applications that run on a variety of platforms like Sharepoint, Weblogic Java, and NAS appliances. The result is the use of AD as the de facto standard for identity in the enterprise, regardless of which device is connected.

Active Directory to reduce your identity footprint

As controlling access and provisioning and de-provisioning become more critical, IT teams place more importance on consolidating the identity stores they need to worry about. But since, for many companies, AD is just one of many identity stores and meta-directories, it’s not always being used to its fullest potential.

In order to protect your data, you need to be able to easily track who has access to which resources. Consolidating identity into AD allows you to reduce the number of directories to synchronize, thereby organizing and reducing your identity footprint. It also reduces the number of places you need to audit and monitor for authentication and authorization, as well as the points of control for provisioning and de-provisioning. Finally, it provides the ability to leverage the same tools you use for managing AD for managing authentication and authorization for most of your IT resources.

AD as a single platform to audit the use of authoritative data makes your life easier – auditing access, changes, and usage across all platforms becomes a matter of collecting and reporting on AD security logs. To improve your internal security processes, consolidate your identity stores and use AD for reporting and auditing. From authentication and authorization for users, to applications for monitoring a variety of platforms, AD can provide a single “source of truth” for identifying people and their functions despite organizational changes.

> Learn about BeyondTrust’s solutions for Active Directory Auditing and Recovery
> Download a PDF overview of our Active Directory Auditing and Recovery solutions

, , , , , , ,

Leave a Reply

Additional articles


Scottrade Breach: Identified by Federal Officials

Posted October 5, 2015    Morey Haber

Late afternoon on October 2nd, news leaked out of another large security breach, now at Scottrade. The identity count of records, in the millions again (4.6 million is the latest). This breach comes on the second day of national CyberSecurity month, the first being Experian/T-Mobile breach.

3d image Data Breach issues concept word cloud background

Experian/T-Mobile Data Breach: When 2 Days is not Enough

Posted October 2, 2015    Morey Haber

On October 1, Experian admitted full responsibility for the loss of T-Mobile customer data. 15 million user records dating back to 2013 were effected in the breach, with data including sensitive information that may be decryptable like social security numbers and drivers licenses.


Who Moved My Front Door? (What is Privileged Account Management?)

Posted October 1, 2015    Nigel Hedges

Not too long ago, I was sitting in a room with a very fluffy sales guy. In between words such as “we’ll make this happen” and “leave it with me, I’ll get it sorted” he asked the question “What is Privileged Account Management”?