Currently, 90% of organizations worldwide rely on Microsoft's Active Directory solution to authenticate and authorize users on their networks. Yet while Microsoft's launch of the cloud-based Azure Active Directory (AAD) and Office 365 have since fueled steady growth in enterprise cloud adoption, many adopting this cloud-based directory still find themselves firmly planted in on-premises environments, leading to vast inconsistencies - and glaring gaps in security.
I recently spoke with Jackson Shaw, SVP of product management at One Identity, about this very topic, which is an area where his company is attempting to help organizations tackle those very security gaps. One Identity recently rolled out a new release of its Active Roles product - the first update since One Identity and its solutions spun out from the Dell umbrella last fall. Active Roles 7.1 is said to help organizations seamlessly manage risk-related issues in on-prem, cloud-based and hybrid enterprise ecosystems and overcome the limitations of subpar native tools.
VMblog: What is the driving force
behind the increased enterprise adoption of hybrid cloud deployments?
Jackson Shaw: The increase in enterprise adoption of hybrid cloud
environments is driven by digital transformation -- the investment and adoption
of innovative technology solutions intended to enhance competitive
differentiation and fuel business growth. In today's modern enterprise economy,
the first step towards digital transformation can occur through cloud adoption.
Because cloud adoption is a long process and cannot be thoroughly achieved
overnight, while digital transformation is in effect, hybrid cloud adoption is
a reality and will continue to be the reality for several years to come.
VMblog: How do enterprise productivity applications like
Office 365 play into the proliferation of hybrid cloud environments?
Shaw: According to recently published Microsoft data, Office 365 is
the company's fastest-growing commercial product, with approximately 70 percent
of Fortune 500 companies purchasing the service in the last 12-month time
period. Strong Office 365 adoption has translated into strong adoption of AAD.
This drive has created an industry-recognized trend called "hybrid AD" due to
the fact that, although the drive towards the cloud is significant, the vast
majority of organizations still leverage their current on-prem AD deployments
and will do so for the foreseeable future. As a result, organizations will
require a seamless solution to ensure that management and security is accounted
for in both the cloud and on-prem AD environments, ideally from a single
VMblog: What security challenges do organizations face as
they go through a digital transformation and add new cloud capabilities to
their legacy environments?
Shaw: The steadily rising appetite for cloud-based productivity
tools like Microsoft Office 365 and Exchange Online has driven quick adoption
of Microsoft's AAD - yet many adopting the cloud still, by necessity, have
their feet firmly planted in on-premises environments, leading to vast
inconsistencies in administrative processes and security execution.
Security challenges also arise from instances of shadow IT.
For example, line-of-business specific
departments such as Marketing or Sales, are leveraging cloud-based systems and
solutions without explicit IT approval. Although these systems and applications
are intended to help drive LOB departments forward, they are inadvertently also
creating security gaps.
Coupled with the shortcomings of native and other third-party
solutions, the rise of these hybrid AD/AAD environments has led to millions of
enterprises struggling with dangerous gaps in security and crippling
inefficiencies, due to gaps in IT skills, shortcomings of tools, and
unnecessary duplication of efforts.
VMblog: What sort of education around proper security and
management is necessary for IT teams that are leading efforts around hybrid
Shaw: Managing Active Directory is hard and native tools don't make
the lives of IT pros any easier. Time and effort are wasted when trying to manage
user accounts, group memberships, and other attributes in Active Directory with
manual processes, native tools, and cobbled-together scripts. In addition, and
most importantly, security for Active Directory is difficult. Left unchecked,
the AD Admin account has limitless power and lacks individual accountability -
if the Admin rights fall into the wrong hands, an enterprise faces serious
While certainly attractive, many organizations find themselves
coming up against roadblocks as it relates to adopting the cloud-based
Microsoft Azure - this is due in large part to the fact that the cloud version
of Active Directory (Azure AD) is entirely separate from on-prem AD and cannot
natively be managed and secured with the same tools and processes. The results
are inefficient identity administration, inadequate security, and lack of unity
across the on-prem and cloud environments. The vast majority of organizations
maintain a hybrid AD environment (either by choice or necessity) and find that
securing and managing that environment is fraught with risk, escalating
inefficiencies, and redundant error-prone processes.
When considering the move to a hybrid cloud deployment,
enterprise IT teams must consider solutions that will help overcome management
challenges, close security holes and reduce risk for BOTH AD and AAD.
VMblog: How does One Identity help IT teams address
challenges around hybrid cloud deployments?
Shaw: One Identity, a recognized leader in identity
and access management, recently launched a new release of its Active
Roles solution that helps to mitigate the challenges many
organizations face around managing complex hybrid AD environments. Thousands of
users already leverage Active Roles to manage on-prem Active Directory; now,
Active Roles 7.1 delivers a single management console, purpose-built to help
organizations overcome these time-consuming challenges. Active Roles 7.1 customers
can leverage a single unified platform for consistent administration and
security of both on-prem and Azure AD, enabling a seamless hybrid cloud
VMblog: What do you predict will be the next wave of
cloud-driven enterprise trends in the coming years? Will security and risk
management continue to play a driving factor in these trends?
Shaw: The cloud will only grow, and as it does, its on-prem
counterparts will shrink. However, the process will take time and, for most
organizations, will be a slow and gradual process. Consequently, any new
security solution should fully embrace the cloud - without ignoring the on-prem
world -- i.e., security solutions must be purpose-built with intentions of
seamless implementation and operation within a hybrid environment. As the cloud
continues to proliferate, in turn, the overall security perimeter will shrink
-- and as a result, the "new" security perimeter for consideration will be
related to controlling access to applications and data in hybrid environments.
In the future, organizations will have the ability to take the
best of on-prem security and extend it to the cloud, and take the best of cloud
security and efficiency and apply it back to the on-prem environment.