On the Board - Efficiently Manage Hybrid AD/AAD Environments

[MUSIC PLAYING] Hi. I'm Todd Peterson. I'm on the team here at One Identity. And today, we're going to talk about management and security of Active Directory, and specifically about managing Active Directory in a hybrid environment. So let's turn to our board here. First off, here is Active Directory. Everybody has Active Directory. You're using it all the time to control access to a number of things, such as putting users in the correct groups, access to SharePoint, access to Exchange, access to Lync and Skype Online. But how do you manage that access? It's often very difficult. So you have an administrator. They use these native tools, and they set up a user. Then they go through with these data tools-- put them in the right groups. They use a different tool, maybe even a different person with different approvals, to put the person in Exchange. Same process for SharePoint, same process for Lync Online. So it's a convoluted mess and takes a lot of time to get people into all the right things they need in Active Directory. So administration is a nightmare. It's very, very inefficient. Now, you have Azure Active Directory as well. Now remember, Azure Active Directory is not simply a copy of your on-prem Active Directory out in the cloud. It's an entirely different thing. It has a different set of tools and a different administrator doing these things, but the same things have to happen. You use Azure Active Directory to access things in the cloud like SharePoint Online, Exchange Online, tons of SAS applications. So you go through that same process. This administrator uses a different tool to set up the same user, put him in the right groups in Azure Active Directory. Then he does the same thing for Exchange Online, same thing for Lync Online, same thing for SharePoint Online. So as you can see, it's a very convoluted mess full of errors because you're using two different tools, two different administrators, two different environments to do basically the same thing. We hear a lot of times it takes two to three to four hours to set up a single user in a hybrid environment. That's a lot of time. That's a waste. You don't want that. But that doesn't even mention the security of Active Directory and Azure Active Directory. Now, this administrative account that has to do the work is an all-or-nothing account. That person has permissions to do anything and everything within this environment that they administer, including bad stuff. The problem with these accounts is they're shared, so if you're a large organization, you could have dozens or even hundreds of people that share the administrative account. You never know who did what, and that's a problem because bad things can happen. So you want a way to delegate what people do with the admin account for Active Directory and the separate admin account for Azure Active Directory. You only want them doing what they can do. So there's a potential for errors and risk because of this all-or-nothing manual processes. Another thing that you'll want to do is analytics. You don't know-- easily don't know-- who has access to what within these two environments. You want to be able to determine who has rights, if those rights are appropriate, so that you can reduce risk. So there's a lot of challenges in this hybrid environment. It's inefficient. Security is a challenge, and analytics or governance is difficult as well. So let's talk about how here at One Identity we can solve that problem for you. So One Identity has long been the leader in Active Directory management and security. It's with a product called Active Roles. Active Roles provides you with a single, unified environment that embraces that whole Active Directory and Azure Active Directory world. So a single tool gives you a workflow to provision somebody into the right groups in both Active Directory and Azure Active Directory. It gives you templates. It says if they're in this group, then here's the Exchange they need, and here's the Exchange Online that they need. It has all the automation, even to the point of linking with an authoritative data source like your HR system to say when somebody's status changes, I'm going to go in, and it's going to automatically update their group memberships, their distribution lists, their SharePoint access, and all those types of things. It even includes approvals. You can have the workflow set up such that when somebody moves from this group to that group, this person has to approve it. And once they approve it, it will automatically happen. And it includes the administrative delegation we talked about, where these administrators are only given enough permissions that they need to do their jobs, not this all or nothing that natively comes in both Active Directory and Azure Active Directory. So you have this unified administration, a single tool that does all of these things for management and security of both the on-prem and the cloud Active Directory environments. That increases your efficiency dramatically. Increases security because now, you have only the correct permissions for somebody to do their job, not all permissions because they might have to do something there. That also increases consistency. When you do things in Active Directory now, you don't run the risk of thinking an error out into the cloud with Azure Active Directory, which you have with native tools. And then it gives you easy visibility. That's through a new solution we have called Identity Analytics and Risk Intelligence. It's part of our Starling Identity as a Service platform. It gives you the ability to look at an individual and compare their rights to other individuals, or other groups, or other organizations to say, are these permissions, are these entitlements that this person has the correct ones for their job? It will point out errors-- gives you an easy way to remediate those errors.