{"id":28307,"date":"2023-09-25T11:18:26","date_gmt":"2023-09-25T15:18:26","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=28307"},"modified":"2024-11-08T16:47:01","modified_gmt":"2024-11-08T21:47:01","slug":"active-directory-zero-trust-security","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/active-directory-zero-trust-security","title":{"rendered":"Active Directory and Zero Trust Security: Are They Compatible?"},"content":{"rendered":"\n

For most IT organizations, Microsoft Active Directory<\/a> has been the default choice. For nearly 20 years there was no viable alternative to this legacy directory service.<\/p>\n\n\n\n

As traditional security methods shift to the new Zero Trust security model<\/a>, is Active Directory the right solution to take organizations forward? In this article, we\u2019ll discuss Active Directory and Zero Trust security, where these two conflict, and introduce an alternative directory platform that delivers on the principles of Zero Trust.<\/p>\n\n\n\n

It is critical to start the discussion by defining Zero Trust security<\/a>, and exploring why it is an important security approach for IT organizations.<\/p>\n\n\n\n

What Is Zero Trust Security?<\/h2>\n\n\n\n

The premise of Zero Trust security is simple: trust no one (not even your own grandma) and nothing by default when it comes to IT resources, and verify everything. Access is granted only after the requester has proven who they are, and only to the resources that identity is authorized to use. <\/p>\n\n\n\n

What does this look like for IT admins on a practical level? Each access transaction must verify the identity of the user, the state of the device making the request, and the network path it arrives over, and then confirm that the identity holds the correct authorization rights for the specific resource requested. Being on the corporate network is one signal among several, not a grant in itself. <\/p>\n\n\n\n

This approach is diametrically opposed to the perimeter security model, where IT resources and people are considered safe on the inside of the network once they log in, and insecure on the outside.<\/p>\n\n\n\n

Microsoft Active Directory (AD) was built around exactly this perimeter model<\/em>: the on-prem domain controller<\/a> sits on the internal network, and that network is walled off with firewalls and VPNs. The thinking went like this: the inside is the trusted domain and the outside is the untrusted internet.<\/p>\n\n\n\n

Of course, the modern world doesn\u2019t work this way. More end users are working from home than ever before, and many of them are using a variety of personal devices to access organizational IT resources not hosted internally. <\/p>\n\n\n\n

Add the seemingly constant announcements of data breaches and compromises flashing across news headlines, and it is clear that the old-school security model, and the Active Directory best practices built on it, are broken. In short, there is no longer a meaningful internal network or network perimeter; there is a fluid internet where users connect from wherever they are and get work done, hopefully securely.<\/p>\n\n\n\n

The Rise of Zero Trust Security<\/h2>\n\n\n\n

Out of the realities of how modern users work and organizations function, together with today\u2019s security and compliance requirements, the Zero Trust security model emerged as a different approach to building and running modern networks.<\/p>\n\n\n\n

Every access transaction requires several independent signals to establish trust. The idea that joining a domain and being on the \u201cinside\u201d confers safety no longer exists.<\/p>\n\n\n\n

For most IT organizations, Active Directory has been the identity management standard, along with the concept of the domain. IT admins connect users to their IT resources through AD: a user logs in to a domain-joined Windows machine and, through that domain login, gets access to whatever their group memberships grant.<\/p>\n\n\n\n

In a traditional, Windows-based on-prem network this model can seem to work, but it runs counter to the Zero Trust model. Active Directory security traditionally relies on a strong perimeter to protect trusted assets, whereas Zero Trust treats every source of network traffic, internal or external, as a potential attack vector that must be verified on each request.<\/p>\n\n\n\n
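To make the per-request checks described above concrete, and to show how they differ from the perimeter model that AD security assumes, the following Python is an example written for this article; it is not JumpCloud or Microsoft code. The internal address range, the device inventory, the group-to-resource policy and the three sample requests are all constructed assumptions; a real deployment would take them from the identity provider, the device management service and the policy store. The perimeter function grants access to anything arriving from the internal range, while the Zero Trust function evaluates identity, device posture, network path and authorization independently and denies if any of them fails.<\/p>\n\n\n\n

```python
'''Perimeter-style vs Zero Trust access decisions.

Added example, not JumpCloud or Microsoft code. The address range, device
inventory, group ACL and sample requests are constructed for illustration.
'''
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed address range the perimeter model treats as 'inside'.
CORP_NET = ip_network('10.0.0.0/8')

# Constructed stand-in for a device-trust / MDM service: device id -> posture checks.
MANAGED_DEVICES = {
    'lt-0042': {'managed': True, 'disk_encrypted': True, 'os_patched': True},
    'lt-0077': {'managed': True, 'disk_encrypted': False, 'os_patched': True},
}

# Constructed least-privilege policy: resource -> groups allowed to reach it.
RESOURCE_ACL = {
    'payroll-db': frozenset({'finance'}),
    'git': frozenset({'engineering', 'finance'}),
}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset
    mfa_verified: bool
    device_id: str
    source_ip: str
    resource: str


def perimeter_decision(req):
    '''Legacy model: anything that reaches the internal network is trusted.'''
    inside = ip_address(req.source_ip) in CORP_NET
    return {'allowed': inside,
            'reason': 'on corporate network' if inside else 'outside the perimeter'}


def zero_trust_decision(req):
    '''Check identity, device, network path and authorization independently.

    Any failed check denies the request; 'failures' lists every reason so the
    decision is explainable. The network path is recorded for context only:
    arriving from CORP_NET does not stand in for any other check.
    '''
    failures = []

    # 1. Identity: strong proof of who is asking, wherever they are.
    if not req.mfa_verified:
        failures.append('identity: MFA not satisfied')

    # 2. Device: known, enrolled and currently in a healthy state.
    posture = MANAGED_DEVICES.get(req.device_id)
    if posture is None:
        failures.append('device: not enrolled')
    else:
        bad = sorted(check for check, ok in posture.items() if not ok)
        if bad:
            failures.append('device: posture failed on ' + ', '.join(bad))

    # 3. Network path: observed and logged, never a grant by itself.
    network = 'corporate' if ip_address(req.source_ip) in CORP_NET else 'internet'

    # 4. Authorization: least privilege for this specific resource.
    if not (req.groups & RESOURCE_ACL.get(req.resource, frozenset())):
        failures.append('authz: no group grants access to ' + req.resource)

    return {'allowed': not failures, 'failures': failures, 'network': network}


# Constructed sample requests.
INSIDER_WEAK = AccessRequest('alice', frozenset({'finance'}), False,
                             'lt-0077', '10.1.2.3', 'payroll-db')
REMOTE_STRONG = AccessRequest('bob', frozenset({'engineering'}), True,
                              'lt-0042', '203.0.113.5', 'git')
REMOTE_OVERREACH = AccessRequest('bob', frozenset({'engineering'}), True,
                                 'lt-0042', '203.0.113.5', 'payroll-db')


if __name__ == '__main__':
    for name, req in [('insider, no MFA, unencrypted disk', INSIDER_WEAK),
                      ('remote, MFA, healthy device', REMOTE_STRONG),
                      ('remote, wrong resource', REMOTE_OVERREACH)]:
        print(name)
        print('  perimeter :', perimeter_decision(req))
        print('  zero trust:', zero_trust_decision(req))
```

Run it directly to see the three sample requests decided under both models: the insider without MFA on a laptop with an unencrypted disk passes the perimeter check but fails Zero Trust on two counts, while the remote user with MFA on a healthy, enrolled device fails the perimeter check and is allowed by Zero Trust only for the resource his group is authorized to use.<\/p>\n\n\n\n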

Further, with web applications, cloud and non-Windows file server options, cloud infrastructure from Amazon Web Services (AWS), and more, the AD domain controller cannot natively authenticate users to, or secure access to, all of these different IT resources. Remote work compounds the problem: users who are rarely or never on the internal network still need the domain\u2019s resources.<\/p>\n\n\n\n

The result is that IT organizations patch the holes with identity bridges, web single sign-on (SSO), and other add-on tools to connect users to what they need. Each of these adds work and cost and, most importantly, expands the attack surface and the number of places where access decisions are made.<\/p>\n\n\n\n

The Breakdown of Active Directory<\/h2>\n\n\n\n

Fundamentally, the concept of the domain breaks down because so many of the IT resources that need to be managed live outside it. When the inherent risks of a perimeter-based model are added to that, IT organizations end up searching for a different approach to identity management.<\/p>\n\n\n\n

With a next-generation approach to directory services, IT organizations can build the principles of Zero Trust security into their identity layer without being tied to an on-prem network, a single provider, or the legacy security model.<\/p>\n\n\n\n

JumpCloud Directory Platform is one such approach. This modern take on identity and access management (IAM) focuses on establishing trust with each type of IT resource regardless of platform, provider, protocol, or location. In this approach:<\/p>\n\n\n\n