Azure AD and AD Domain Services for SMEs
Above the Clouds
Privacy vs. Security
If you live outside the US, you might be a bit nervous at the prospect of migrating services to a public cloud, especially one offered by a US provider. According to an often-cited criticism, companies in the US have to grant the US government full access to their stored data. That would not comply with the GDPR, because data within the meaning of Article 44 [3] is transferred to a third country that either has not agreed to uphold the GDPR or with which no comparable agreement on data protection exists. In the context of Azure AD DS in particular, however, this criticism is not truly valid for several reasons.
When companies use Azure AD DS, they are only migrating some of their data to the cloud – the usernames, passwords, and any additional metadata for individual devices. Switching from the local Active Directory to an Active Directory in the cloud does not mean immediately uploading the entire content of your local storage to the Internet, as is sometimes the case with other services. Of course, login names and passwords are sensitive, but they do not directly enable access to a company's business data, for example.
Additionally, many SME admins underestimate another factor: Operating an Active Directory "correctly" and securely causes considerable overhead. I have already addressed the problem of needing a meaningful high-availability setup without having the infrastructure to build one. Security updates for services such as Active Directory or the underlying Windows also often have to be installed at very short notice, which is sometimes a bumpy ride and means even more work. Because it is difficult to find the right time for an Active Directory restart, which effectively shuts down the office for several minutes, some administrators ignore the issue of security altogether. That in turn opens the door to attackers, meaning you then have to worry about data security at least as much as you would in the cloud.
As a huge provider, Microsoft is used to protecting online services and data. It is less likely that attackers will invade Azure and take data with them than that an attack on your broom closet succeeds, with your Active Directory as the victim. Finally, Azure AD DS comes with automatic backups, which you can download if required. Even if an attack does succeed, Azure AD DS still offers the option of returning to a secure backup of user data from the past – at least if the start of the attack can be clearly identified.
Conclusions
Azure Active Directory Domain Services can be a real alternative to on-premises Active Directory, especially for SMEs. Many of the tedious maintenance tasks in the Active Directory context are eliminated in the cloud variant; at the same time, SMEs will typically not need any of the functions that are missing in Azure AD DS. In any case, anyone who spends a lot of time maintaining an on-premises Active Directory that would be better invested elsewhere will also want to take a closer look at Azure AD DS. Admittedly, it adds a line item to your operating expense list because Azure AD DS is based on a subscription model like most Azure services, with monthly fees for use. For SMEs in particular, however, the charges should be within tolerable limits and, in any case, not exceed the costs incurred by several hours of work on Active Directory by an average IT service provider.
Infos
- [1] Azure AD: https://azure.microsoft.com/en-us/services/active-directory/
- [2] Azure AD DS: https://azure.microsoft.com/en-us/services/active-directory-ds/
- [3] GDPR Article 44: https://gdpr-info.eu/art-44-gdpr/