Active Directory Experts Have a Future in Security

By Gil Kirkpatrick | April 14, 2021 | Active Directory

Between the growth of cloud applications and a changing threat landscape, the world of a Microsoft Active Directory (AD) professional has changed significantly over the last 20-plus years.

As in any other area of IT, the drive and curiosity to level up one’s skills to keep pace with evolving technologies is one of the most critical attributes AD engineers and architects can have.

After two decades of focusing on on-premises systems, users, and applications, most AD professionals are now responsible for cloud integration and ensuring secure access for an environment where the traditional network perimeter no longer exists. AD pros must conduct this work while attackers continue to use increasingly sophisticated attack tools to take advantage of AD configuration errors and Windows vulnerabilities, target user credentials, and try to maintain persistence in on-premises systems.

In the face of this situation, technology leaders are recognizing the need to facilitate cooperation between security and identity teams to ensure secure user access in the age of cloud computing and an increasingly remote workforce.

Moving into the future, AD experts should expect to take a more active role in security discussions. This practice is not yet common, but as AD continues to be a go-to attack surface for cybercriminals, AD pros can seize this moment to contribute their expertise to the company’s security efforts. As organizations make identity the focal point for their security strategy and AD admins become more involved in security conversations, administrators who can broaden their knowledge and skillsets will demonstrate deeper value to the enterprise.

Changes in threat landscape bring opportunity for Active Directory professionals

In many respects, AD was not designed with today’s security challenges in mind—and it’s not just vulnerabilities like the issue exploited by the Zerologon attacks last year. Modern attackers also take advantage of built-in protocols in the Windows operating system and AD itself in their attacks.

Then there is the problem of ransomware. In recent years, ransomware attacks have been observed using Advanced Persistent Threat (APT) techniques, such as those provided by tools like BloodHound and Mimikatz, to perform reconnaissance and credential theft. In one case from 2020, a piece of ransomware used the SYSVOL share on AD domain controllers to spread malware throughout the target environment.

In the past, AD recovery planning focused primarily on events such as natural disasters, power failures, or administrative errors. Now, with the prospect of ransomware disrupting their entire IT operation, businesses need to prepare for a much more likely situation—a cyberattack that forces them to recover their AD from scratch.

Putting identity first

Mobile users and cloud computing have eroded the traditional network perimeter: The only control point among users, applications, and network assets is user identity. Digital identity touches all aspects of the modern enterprise. Every user needs access to the appropriate systems and applications to do their jobs. However, controlling access securely is far more than a productivity issue. Excessive permissions, weak passwords, and numerous other potential problems lead to data breaches, malware infections, substantial financial damage—and long nights for IT and business leaders.

As the ecosystem of cloud applications used by workers grows, handling the necessary integrations to AD is a challenge not just for the identity team. Extending security and access policies from on-premises AD into the cloud is a security issue as well. For those AD experts accustomed to their on-premises environment’s permission model, the mindset shift in integrating on-premises AD with Azure Active Directory (AAD) might be jarring. (For a more in-depth discussion about the implications of managing both on-premises AD and AAD in a hybrid environment, read “Top Risks to Watch for in Shifting to Hybrid Identity Management” by Doug Davis, Semperis Senior Product Manager.)

As always, however, with change comes opportunity. Understanding the new risks an organization faces and where AD fits in the security puzzle is a critical asset to digital transformation efforts. Identity professionals who can offer their expertise in conversations with the security team or C-level business executives will be in the best position to contribute to the company’s security plan and expand their own career prospects.

Level up identity and security knowledge

For Active Directory and other identity services professionals who want to contribute to the company security strategy, the key is to stay current—always one of the most challenging (and rewarding) aspects of an IT career. Think about all the technologies IT pros have used in their careers that are no longer relevant. How many technologies have reached their end of life and are no longer supported? Education is the key to adjusting to the ever-changing realities of IT security and operations.

The good news is that you can find abundant resources for IT professionals on the internet. Channel 9, for example, is a great resource for instructional videos about Microsoft products. Microsoft also provides preparation guides for Microsoft certification exams. Some security certifications identity pros should consider include “Security, Compliance, and Identity Fundamentals” and “Security Fundamentals.” These and other certifications, besides being good resume proof points, will give identity pros a strong foundation in the security concepts they’ll need to bring to the discussions with technology leaders.

Still, nothing beats experience. Having hands-on experience in a lab environment—not only with on-premises AD but also with hybrid environments that use Azure, AWS, and Google Cloud Platform—is the only way to truly gain skill in managing it effectively and securely.

Always be a student of identity and security

As with all career paths in IT, change is the only constant. Pursuing mastery of any aspect of the industry, from security to app development, requires a commitment to keeping pace with different technologies and trends. With identity-related security risks increasing and cloud adoption growing, AD professionals need to understand, and strive to lead the discussion on, how identity management fits into their organization’s security strategy.

About the author
Gil Kirkpatrick
Gil Kirkpatrick is a long-time veteran of the commercial software industry and has focused on identity and access management products since the early 1990s. He has held technology leadership roles at HTS, NetPro, Quest Software, and ViewDS Identity Solutions, and is known as the founder of the Directory Experts Conference (later renamed The Experts Conference). Kirkpatrick is the author of Active Directory Programming, the original reference book for developers working with Microsoft’s Active Directory. He has been nominated as a Microsoft MVP for Active Directory and Enterprise Mobility for each of the last 15 years.