Migration delays prevent AD-centric zero trust security framework adoption

37 percent of IT professionals rated rapid changes in their AD/AAD environment as the key impact of COVID-19 on their organization’s identity management team, a One Identity survey revealed.

Given the unique challenges of the sudden shift to remote work amidst COVID-19, businesses should look toward integrating AD/AAD with a strong privileged access management (PAM) solution in order to harness the full value of AD and AAD, dramatically increasing the security of their IT environments.

According to a survey of 1,216 IT security professionals, 48 percent of survey respondents stated that granting and revoking access through AD and AAD has proven to be more important than ever, highlighting that companies are using AD/AAD as the foundation of their identity management programs.

However, the migration to AAD is slow going, with companies operating in various stages of AD/AAD migration. Only 8 percent of companies globally have fully moved to AAD, with only 9 percent planning to do so in the next year.

Higher education industry has lagged the most

The study also showed that the higher education industry has lagged the most with only 4 percent fully adopting AAD – but there isn’t much progress across industries as a whole, with only 6 percent in the healthcare industry and 12 percent of government agencies.

Nine in ten organizations have concerns about storing access credentials in the cloud, according to the results, a startling statistic given that nearly all companies transitioned to remote work this year, leading to a dramatic increase in cloud adoption, with 31 percent of IT professionals stating that their increased investment in cloud was a direct result of COVID-19.

Managing and securing AD and AAD with a dynamic zero trust approach is critical to success, and can help businesses improve their overall security posture to address the reality, as evidenced in other studies, that show 80 percent of breaches involve compromised or weak administrative credentials.

Remote work bringing confidence to IT practitioners

Though the shift to remote work highlighted a number of security challenges for businesses, it also brought renewed confidence to IT practitioners, with the majority of respondents stating they are more confident in their organization’s identity management program, and in the security and management of privileged accounts, as a result of COVID-19.

“With 95 percent of global Fortune 1000 companies relying on Active Directory to manage their users’ access, and the swift move toward Azure and cloud adoption, it becomes a natural starting point for businesses looking to implement a zero trust security model,” said Bhagwat Swaroop, president and general manager, One Identity.

“Yet, AD by itself is not equipped to meet the standards of zero trust architecture, and it lacks the ability to store, issue and manage privileged credentials as seen in traditional privileged access management (PAM) solutions. To simplify AD’s challenges, companies need to invoke zero-standing-privileges by combining a strong PAM strategy and technology with their AD management and workflow program in order to create the zero trust model they critically need.”

Industry practices recognize that migration delays stand in the way of adopting an AD-centric zero trust security framework. Companies must plan for AD and AAD as they adopt zero trust and should integrate their AD and PAM solutions.