Office 365 has more than 60 million active monthly users, and adoption of the platform is increasing—for good reason. It allows organizations to reduce infrastructure and costs related to licensing and maintenance, while expanding storage efficiencies. Additionally, Office 365 empowers workforces to operate from anywhere and from any device, while increasing scalability and business continuity.
However, moving from an on-premise Active Directory (AD) to a cloud-based directory, like Office 365's Azure AD, still gives some decision makers pause for a common reason—security. As we know, security breaches can negatively impact a company's bottom line (and damage a company's reputation).
In 2016, research by the Ponemon Institute found that the average cost of a data breach was $4 million per incident.
Where should your security concerns be directed? Microsoft promises a financially-backed, 99.9% service-level agreement for Office 365—however, change control, access governance and overall data security are still the responsibility of customers. And the rise of hybrid AD compounds this concern. Think about this: 75% of Office 365 customers with more than 500 users will sync their on-premise AD with Azure AD, creating a hybrid AD environment.
This scenario can lead to dangerous gaps and crippling inefficiencies. Any weaknesses in how the on-premise AD is configured will carry over to Azure AD. Organizations face all the security limitations of native AD and Azure AD, doubling the surface area they need to manage to prevent potential data breaches and insider threats.
Securing the data you store in a hybrid environment means taking the necessary steps to secure your on-premise AD—from pre-migration to post-migration. This eBook will identify steps for prepping the on-premise AD for synchronization with Azure AD and protecting data during migration, and offer best practices for maintaining a more secure hybrid environment.
Many organizations work under the assumption that breaches and other forms of data loss are assumed costs of doing business and employ strategies to minimize risk. Prior to migration, data stored in the on-premise AD should be thoroughly assessed and consolidated to eliminate outdated or non-essential items. Your three goals during this process should be:
Microsoft's IdFix will help eliminate account duplication by identifying and remediating object errors in the on-premise Active Directory prior to synchronizing users, contacts and groups into the Microsoft Office 365 environment.
Once excess data and duplicative accounts have been addressed, access issues have been resolved and security protocols have been met, you're ready to migrate to Office 365. While most of the heavy lifting has already been done, keen attention throughout the migration process will ensure data remains uncompromised. IT admins should have real-time auditing, reporting and alerting to changes during migration to ensure data security. Here are three things to watch:
Migration to Office 365 offers the opportunity to review your current solution providers. Each vendor should provide options for handling sensitive data throughout the migration to ensure the integrity of your data throughout its lifecycle. If that's not the case, they may not have your best interests in mind.
Migration to a hybrid AD environment offers a unique—yet arduous—opportunity to reduce risk associated with excess data, out-of-date permissions/access and duplicative user accounts in your on-premise AD. Now that the "house is in order," here are four post-migration best practices that create a lifecycle methodology for maintaining the organized environment you've created:
Auditing your hybrid environment is critical to understanding who has access to permissions, privileged groups, sensitive business groups, group policy objects (GPO) and data at all times. A thorough assessment of your on-premise AD and Azure AD should allow you to easily identify:
Much like a security camera that's always running "just in case," it's important to continuously review who has access to data and why, to ensure sensitive data is only available to those who should see it. This addresses both security and compliance concerns.
Real-time identification of suspicious activities in your hybrid AD environment is key to minimizing the impact of an insider attack or data breach. Proactive security measures should allow you to correlate disparate IT data from numerous systems and devices to quickly detect:
It's also a good idea to consider solutions that improve upon native auditing tools. Native AD, Azure AD and Office 365 auditing tools lack the governance and visibility required to meet compliance regulations. There are many functional issues, including:
If a breach occurs—or an access mistake is made—you need to know where problems that deviate from normal behavior exist and correct them immediately. Having a reporting process that allows you to detail everything that happens across the lifecycle will position you to act fast.
Automated security policy enforcement across your hybrid AD environment reduces the risk of human error and mitigates the potential for recurrence. The process should ensure:
Common mistakes by staffers can put data at risk. Offer comprehensive training for business users that covers best practices for sharing data inside and outside the organization. The training should be reviewed annually to ensure best practices are up to date with changing technology.
Should a security incident occur, you have to recover quickly to minimize downtime and loss of productivity. This process should allow you to analyze security baseline information so you can understand how the incident occurred and why. This process should help you to:
Quest's solutions can help simplify the migration, security and management of your Office 365, Azure AD and hybrid AD environment with a world-class network of experts and partners. With its distinguished track record of delivering migration and consolidation projects and end-to-end portfolio of solutions, Quest can help you to:
With nearly two decades of Microsoft platform migration experience, Quest enables organizations to embrace Office 365 and Azure AD without the burden of crippling costs, risks, fear or uncertainty. Learn more about how Quest can position your hybrid environment for success.