Many organizations are embracing hybrid identity environments, implementing both on-premises Active Directory and Azure AD. Although the flexibility of hybrid identity environments brings huge benefits, this approach also comes with increased risk. Just as with on-prem AD, Azure AD has its weaknesses, and the hybrid mix creates additional opportunities for attackers. As in the Kaseya and SolarWinds breaches, cybercriminals exploit security weaknesses in hybrid identity systems by gaining entry in the cloud and moving to the on-premises system, or vice versa. Auditing and remediating malicious changes in Azure AD requires a completely different approach from on-premises AD security management.
- The new authentication model means that familiar concepts such as forests and Group Policy Objects no longer apply in the Azure AD environment.
- Decisions such as whether to merge on-prem AD and Azure AD with Azure Connect can have significant security consequences.
- The notion of the traditional network perimeter doesn’t exist in Azure AD, so IT and security teams need to defend against an endless array of potential entry points.
- Shifting to Azure AD brings significant changes to the permissions model: in a hybrid AD environment, identities are stored in the cloud, where they are potentially vulnerable to attacks similar to the SolarWinds and Kaseya attacks.
- Lack of visibility into potentially malicious changes across the hybrid AD environment can compromise security.