Active Directory is a prime target for cybercriminals because getting control can give them access to all your corporate assets. Given that, it might seem reasonable that companies are spending a lot of time protecting it. Unfortunately, while many organisations think they are doing enough, the reality is that too many leave their Active Directory insecure.
ET asked Crandall why is it so challenging to protect AD? Crandall replied: “There’s no longer this hardshell perimeter. There’s this gooey middle and they are going after Active Directory.”
But getting teams to work together can be challenging. Crandall commented: “You have a bit of a divide that’s going on. You have the Active Directory administrators and you have the security teams. Sometimes they talk well, and sometimes they don’t, and their priorities compete. So part of it is just getting alignment.”
Perhaps the biggest challenge for AD is that it is not a static entity, it is in a state of constant change. Users, devices, software – all want their own entries in AD. That creates an ever-increasing complexity that can be hard to understand.
Crandall said: “It’s so hard. It’s been viewed as plumbing for so long that it really is going to take a change in thinking and prioritisation. It’s not necessarily going to happen from the bottom up because the guys that are doing the work know the complexity.
“The problem is, is you can’t deal with security in a world that’s changed in a traditional way. One innocent misconfiguration, we’ve seen it so many times already, and you get one replication error on your domain controller, can have material consequences.”
To hear what else Crandall had to say, listen to the podcast.
Where can I get it?
You can listen to the podcast by clicking on the player below. Alternatively, click on any of the podcast services below and go to the Enterprise Times podcast page.