Securing Your Hybrid Identity Environment
Recent attacks (for example, the SolarWinds exploit) have shown that a compromise of on-premises Active Directory (AD) can be parlayed into harsh security consequences in cloud-based Azure Active Directory (AAD). AD teams are rarely equipped to detect and remediate indicators of exposure (IOEs) or indicators of compromise (IOCs) in AAD, and AAD practitioners often lack the AD visibility or expertise necessary to thwart attacks that start there.
As much as enterprises desire to move to the cloud, the reality is that most will be operating in a hybrid identity scenario for the foreseeable future. It is simply not feasible to abandon on-premises assets for a wholesale shift to the cloud. Consequently, the move to the cloud is more of an evolution than a revolution. Unfortunately, key aspects of securing a hybrid identity system are often overlooked.
Operating in a hybrid identity scenario usually involves disparate teams securing AD and AAD with separate tools and processes. Hybrid environments also have extremely complex threat landscapes, with hidden interrelations and a glaring lack of visibility into the security implications that on-prem AD has for AAD, and vice versa.