Most enterprises have made large investments in Active Directory (AD) and consider it to be one of the foundational ways to manage users and policies, but they likely utilize Linux resources as well. The challenge is that AD does not natively extend its capabilities to Linux. This means that IT isn’t managing servers, users, and policies consistently across their environment. To ensure productivity, IT is forced to go against best practices and do things like duplicate identities for those with Linux. Not only is this inefficient, but it also creates a large security gap that can introduce unnecessary risk to an enterprise.
IT leaders find themselves managing a complex hybrid environment that includes more systems, applications, and identities than ever before. As governance and compliance requirements continue to become more stringent, audits become more difficult, and breaches become more frequent, they need complete visibility into all resources, with the ability to centrally manage from a single pane of glass. Pressured to utilize existing resources and investments that have already been made in AD, it makes sense to leverage their existing authentication and authorization toolset across their entire environment.
The lack of a security and identity process, awareness, and insight into Linux resources can introduce challenges in four key areas:
- Privileged access – because Linux is not being managed in a central location, activities like access provisioning, credential vaulting, authentication, and authorization are not necessarily being implemented in a consistent manner. Privileged sessions within the Linux resources are then not being monitored as they should be. It can be very difficult to implement a comprehensive privileged management strategy without consolidated controls.
- Delegation – to implement the principle of least-privilege, IT organizations need a way to delegate access to identities in a granular way, ensuring identities have just the right access to do the job when they need it (no more, no less). It shouldn’t matter if they are managing or accessing a Windows or Linux resource – the controls around delegated administration should be consistent, automated and enforced.
- Security policies – the native AD toolset provides the ability to build and enforce security policies, but is limited in its ability to extend those policies to Linux, causing IT administrators to utilize scripts and manual processes to fill the gap. Even if an organization had the best possible security policies in place, manual processes and legacy scripts can be difficult to maintain unless you have exactly the right resources and expertise available to you.
- Reporting and auditing – most organizations depend on reports and audit logs to help fulfill their compliance and governance obligations – having a centralized location (aka a single pane of glass) to access both Windows and Linux data is key to efficiency and simplifying audits. Many will have to view logs and reports in different locations and then combine the data to meet requirements and gain good visibility. In addition, having to report on multiple identities for a single user can complicate the audit process. Any reporting becomes a challenge when you have to evaluate or report on data for Linux resources separately from everything else, especially for those with rigorous audit cycles.
The Answer: Create a bridge between AD and Linux
Bridging AD with your Linux resources enables you to utilize existing policy processes and templates to bring resources (normally unmanaged) under tighter control. Here at Micro Focus, we know our customers want a way to manage and secure their entire environment – whether it is Windows or Linux, on-premises or in the cloud – from a centralized location, without having to duplicate identities and access controls or invest in additional tools and security vendors. Most customers have already invested a huge amount of resources into AD and we help them leverage that investment using Micro Focus AD Bridge.
This new solution allows you to easily extend privilege, delegation, and policy management toolsets to your Linux resources to improve overall ROI. Unifying your Windows and Linux resources enables you to increase efficiency through centralized server and user management. With Micro Focus, you can enforce your effective AD security policies in Linux and drive consistency with audit logs and reporting to support governance and compliance.
The AD Bridge solution is architected for today and tomorrow – so if you’re looking at a move to the cloud or even leveraging some SaaS applications, it’s capable of putting policy around that too. You can request a free 30-day trial and learn more about Micro Focus AD Bridge.