Active Directory recovery is a crucial — and often overlooked — part of any cybersecurity plan.
Most organizations have detailed plans in place to help them recover in the event of a cyberattack or other disaster. But they may be neglecting one of the most important parts of responding and rebuilding after a crisis: Active Directory (AD) recovery.
AD is the key to managing and securing access and identity-related services across an organization’s entire domain. Without a comprehensive AD recovery plan in place, an entity is more vulnerable in the face of a ransomware or malware attack.
“Active Directory is foundational as a component in today's hybrid, cyber infrastructures,” said Center for Digital Government Senior Fellow Deb Snyder, former chief information security officer for the state of New York. “Virtually all access to resources, whether it's on-prem or in the cloud, is tied to AD. In the event of a cyberattack, a well-coordinated Active Directory recovery plan plays a really key role in terms of assuring cyber resilience.”
Speaking on a recent webinar convened by Government Technology and Quest, Snyder emphasized the importance of having an AD recovery plan in place. “It has to be a top priority,” she said. “Active Directory truly is that cornerstone, because nothing else works until Active Directory is up and running.”
Brian Hymer, a solutions architect for compliance and recovery at Quest who joined Snyder on the webinar, agreed. “Active Directory really plays that role as the keystone. Its access to databases, files, applications, even your endpoints [such as] workstations and phones and computers or tablets. If you lose Active Directory, the rest of it just falls apart.”
Most IT leaders understand how important their Active Directory is. But when it comes to AD recovery, there are some persistent misconceptions. Here are some of the most common myths about AD recovery – and how to combat them.
Most data protection solutions are designed to get a server back up to a healthy state. For AD recovery, that’s not enough. Every server needs to know what replication state it's in with its replication partners. And those partners need to agree that they are in the same replication state with it.
“If that's not in sync,” Hymer said, “then you run into [problems] that would corrupt your Active Directory and keep it from working. So you have to have a coordinated effort across every domain controller of the Forest when you're doing an Active Directory recovery.”
Many organizations think AD recovery is as simple as restoring servers to the most recent time they were backed up. That’s an “overconfident” mistake, Snyder said. “[It] creates a real false sense of assurance in their recovery capability.”
Reverting to the most recent server “snapshot” can actually create a host of new problems for an organization, depending on how long ago the snapshot was taken. It can cause the server to be out of sync with other servers in the same Forest. It can cause lingering objects in the Directory’s “global catalog,” which may cause communication issues or wreak havoc with user permissions, granting application access to unintended users.
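As an added example (not from the webinar, Quest or this article), the PowerShell check below walks every domain controller in the forest and reports stale inbound replication partners, logged replication failures, and the NTDS "DSA Not Writable" flag that a domain controller sets when it detects a USN rollback after a snapshot revert. It assumes the RSAT ActiveDirectory module, WinRM access to each DC, and a 24-hour staleness threshold; all three are assumptions, not anything the article specifies.

```powershell
# Added example, not from the webinar or Quest: a post-recovery replication health check
# for every domain controller in the forest. Assumes the RSAT ActiveDirectory module,
# WinRM access to each DC, and a 24-hour staleness threshold (an assumption; adjust as needed).
Import-Module ActiveDirectory

$staleAfter = (Get-Date).AddHours(-24)
$ntdsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

# Enumerate DCs across all domains in the forest, not just the domain the script runs in.
$dcs = foreach ($domain in (Get-ADForest).Domains) {
    Get-ADDomainController -Filter * -Server $domain
}

$report = foreach ($dc in $dcs) {
    $dcName = $dc.HostName

    # Inbound partner metadata: when did each partner last replicate in successfully?
    $partners = @(Get-ADReplicationPartnerMetadata -Target $dcName -Scope Server -ErrorAction SilentlyContinue)
    $stale    = @($partners | Where-Object { $_.LastReplicationSuccess -lt $staleAfter })
    $failures = @(Get-ADReplicationFailure -Target $dcName -ErrorAction SilentlyContinue)

    # A DC that detects a USN rollback (typical after a snapshot revert) sets
    # 'DSA Not Writable' = 4 and quarantines itself from replication, which is
    # exactly the silent divergence between DCs that the article warns about.
    $notWritable = Invoke-Command -ComputerName $dcName -ErrorAction SilentlyContinue -ScriptBlock {
        (Get-ItemProperty -Path $using:ntdsKey -ErrorAction SilentlyContinue).'DSA Not Writable'
    }

    [pscustomobject]@{
        DC            = $dcName
        Domain        = $dc.Domain
        Partners      = $partners.Count
        StalePartners = $stale.Count
        Failures      = $failures.Count
        UsnRollback   = ($notWritable -eq 4)
    }
}

$report | Format-Table -AutoSize

# Anything flagged here must be resolved before the forest can be called recovered.
$problems = @($report | Where-Object { $_.UsnRollback -or $_.Failures -gt 0 -or $_.StalePartners -gt 0 })
if ($problems.Count -gt 0) { Write-Warning "Replication is not consistent on $($problems.Count) DC(s)." }
```

Run it from a management host after every domain controller has been restored, and again after the first full replication cycle, so that a DC quietly stuck in a rolled-back state is caught before users notice missing permissions.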
Hymer recalled how one client, a manufacturing company, created more problems than it solved after a recent ransomware attack against a single domain in its network.
“In desperation after not realizing or not thinking that they could get their backups back online, they reverted a domain controller from [a snapshot],” he said. But reverting to the snapshot caused numerous problems with the rest of the manufacturing company’s Forest. “I think it was a three- or five-domain Forest. By the time they actually got their backups restored, and went to do recovery from actual backups, the problem had replicated outside of the domain into the rest of the Forest,” Hymer said.
“You can just really dig yourself into a deeper hole working from a snap,” he added.
In much the same way that traditional data protection solutions and snapshot backups can lead to major unintended consequences, relying on cloud solutions to recover on-premises servers can cause massive headaches. That can lead to fragmented data and even the potential for lost information.
“I will frequently hear from our customers, ‘Well, you know, I can get the on-premises pieces back, and then I'll just sync everything back [with the cloud] and I'm good to go,’” said Quest Strategic Systems Consultant Ian Lindsay on the webinar. “And it's really not the case. You have a whole set of different problems that happen out there [in the cloud].”
Organizations can easily lose significant pieces of data from the cloud when trying to simply re-sync them with on-prem servers. Many forget that there are attributes for the hybrid users that only exist in the cloud. To avoid those issues, IT teams need an AD recovery tool that’s designed to accommodate on-prem, cloud and hybrid platforms.
When disaster strikes, it can easily bring an organization’s network offline. Hurricanes, wildfires, earthquakes – even bombings and terrorist attacks – represent significant potential threats to an organization’s Active Directory. That is why many private companies and public agencies have wisely taken steps to ensure they have domain controllers in different parts of the country. An organization in California may have a domain controller in Colorado or Virginia to help get back up and running after a crisis.
But that’s not enough to guarantee true AD recovery. Why? Because today’s biggest threats aren’t physical or geographical. They’re virtual.
“What we're seeing more of today is cyberattacks. And those hit worldwide,” said Hymer.
To ensure comprehensive and seamless AD recovery, organizations can’t rely on geographically separated domain controllers. They must adopt an actual AD recovery tool that can restore their directory across all domains even in the case of a cyberattack.
By addressing these common misconceptions, organizations can implement an AD recovery plan that protects critical servers from any disruption, enabling them to bring their entire Forest back online easily and painlessly. For more information, the full webinar, Cyber Resilience and the Important Role of Active Directory Recovery, is available for free on demand.
This content is made possible by our sponsors; it is not written by and does not necessarily reflect the views of e.Republic’s editorial staff.