IT organizations around the globe are under pressure to enable their employees to work remotely. As a result, IT admins are learning which solutions perform well in a work-from-home (WFH) scenario and which do not.
Most commonly, IT teams regard legacy infrastructure, such as Microsoft® Active Directory® (AD), as incapable of securely managing user access during remote work. In this blog post, we look at the ideal scenario in which AD thrives, and why it struggles with a WFH model.
The Ideal Setup for Active Directory
Active Directory has been a mainstay in IT organizations for over 20 years. On-premises AD enabled IT admins to control who could join an organization’s network, and what IT resources they could access. Network users had single sign-on (SSO) access to all their on-prem, Windows-based resources, and admins could centrally manage those users and their access through AD.
AD worked well for organizations with a Microsoft-centric model. It was predicated on the concept of an on-prem domain, with employees working in an office. Every IT resource had a direct connection to the domain controller, which allowed users to authenticate to their devices and IT services.
However, as organizations adopted new technologies and processes that exist outside the Windows® domain, centralizing user access around on-prem equipment became challenging. There are now a number of resources that admins have to manage in conjunction with AD, including:
macOS® and Linux® systems
Web applications like Slack® and G Suite™
Infrastructure-as-a-Service platforms like AWS®
Previously, all remote users needed to do was connect through a VPN to reach AD and then their IT resources. But with most organizations managing resources that live outside that Windows domain, user provisioning, management, and security are not quite so simple.
The Issue with AD in Remote Environments
As a result of the global outbreak of the coronavirus, countless organizations have to enable remote working for their employees. In just weeks, the way people work changed, and as a result, on-prem identity management tools like AD simply fail to …