Saturday, October 27, 2012

Outsourcing of Microsoft's Active Directory Technology Impacts Global Security

Today, the world is a global village, and people and countries are icnreasingly becoming connected in due to the dynamics of the global business and a global economy of supply chains and markets.

From China to the United States, and from Europe to Australia, organizations in almost all countries rely on other organizations for the fulfillment of numerous essential aspects of their business, ranging from the supply of materials to the modernization of their IT infrasturcutres and services.

In regards to the modernization of IT services, we in India see mto have become the IT back-office of the world in terms of delivering a variety of IT services ranging from software application development to the outsourced management of IT infrastructures -

While US and Europrean companies start outsourcing the development of numerous IT applications as well as recently the partial management of their IT infrastructures, some have raised concerns about the potential risks associated with such moves to gain economic efficiencies.

Data Centers

For example, it appears that a specific Microsoft technology called Active Directory is at the foundation of security in virtually most organizations in the world, and recently many organizations have started to oursource the management of their Active Directory to third parties, both in the US and in Europe, which in turn have outsourced the management of these deployments to India by establishing numerous services centers in India.

Experts say that Active Directory is a critical component of organizational security and argue that the outsourcing of such critical technologies to anyone may pose a risk to these organizations, because it exposes these organizations to the risk of compromise stemming from a compromise of their outsourced Active Directory deployments -

Whether or not the outsourcing of Microsoft's Active Directory technology impacts global security is an important question for all organizations to consider. In addition, for those of us in India, we should consider how we can provide additional assurance to our partners in the US and Europe as to the level of physical and network security we can provide to our IT centers based in Southern India.

This was not directly related to my area of interest, but I did it find it interesting, so I thought of sharing on my blog.


  1. Hi Rajiv,

    There are always risks associated with outsourcing security, especially IT security.

    In our organization, we recently outsourced the management of our IT infrastructure, and until recently we were having hard a time in figuring out how to find out who is delegated what access in our Active Directory as much of the management is delegated and outsourced to a major provider.

    I think one always has to be careful when outsourcing securtiy or when using technologies built in other countries, especially countries like China, Russia, Iran etc.

    I found your note interesting so thought I'd leave you a note.


  2. Hi Rajiv,

    Active Directory Security is critical to organizational security today and the need to know who has what access in Active Directory has become critical today.

    A good Permissions Analyzer for Active Directory can help identify, lockdown and
    audit security permissions in Active Directory quickly and efficiently.

    I recently came across a helpful post on How to View Active Directory (AD) Security Permissions and Perform ACL / Permissions Analysis so I thought I'd share it with you.


  3. Hello Rajiv,

    In my experience as an IT analyst, I have found that while many organizations use Active Directory so extensively, most of them don't seem to be aware of the various Active Directory Risks that exist today, and how these risks impact Active Directory Security. This is concerning because Active Directory is so widely deployed today and I worry that it may be vulnerable, whether to Kerberos-to-NTLM downgrade attacks, or other kinds of attacks such as Active Directory Privilege Escalation which it seems could be launched by insiders as well.

    Best wishes,

  4. Hello Rajiv,

    Greetings from Dubai. I am an Windows IT admin and have been working with Active Directory for quite some time now. One of the things that interests me is Active Directory Security and I have been recently looking at Active Directory Risks. I've found that using a Permissions Analyzer for Active Directory can be very helpful in finding out who has what permissions in Active Directory. I thought I would share this with you in case it help you too.

    Best wishes,

  5. Hi Rajiv,

    I happened to come across your blog, so thought I'd leave a note.

    I've been wanting to blog for a while now, and have a little blog of my own as well over as Active Directory Forestry, but I just can't seem to find the time.

    We've been very busy helping clients understand how to analyze and audit security permissions in Active Directory because it is so important to Active Directory security.

    We came across a valuable Active Directory Audit Tool and its been very helpful as we perform many an Active Directory Audit for our clients. Thought I mention it.

    If you have some time, do stop by. I would love to hear from you.


  6. Hi Rajiv,

    I think of Active Directory Security as being critical to business these days and Active Directory Auditing is very important.

    Personally, I've found that the need to audit what is being audited in Active Directory is equally important as well.

    I recently came across a cool Active Directory ACL Export/Dump Tool and have been using it for these audits.

    I thought you might find my experience with How to audit / find out what is being audited in Active Directory helpful so thought of sharing it with you.


  7. Hi Rajiv,

    As Domain Admins / Enterprise Admins we often delegate administrative tasks in Active Directory and from time to time need to know who is delegated what access in Active Directory.

    In my experience, I have found that it how to find out who is delegated what access in Active Directory is not as easy as it seems, but in fact can be quite difficult.

    I've seen many admins try to use a Permissions Analyzer for Active Directory but finding out who has what permissions in Active Directory is not the same thing.

    I recently came across an Active Directory Audit Tool that makes is super easy to find out who is delegated what access in Active Directory. Thought you may like to know.