In principle, calamities fall into 3 categories:
- Unintentional errors during regular operations (e.g. an administrator accidentally deletes thousands of identities, or deletes the DC with the PDC Emulator);
- Planned attacks by malicious parties, from inside or outside (e.g. a rogue administrator with a grudge towards the organization, or malicious parties using viruses/ransomware to shut down your business);
- Unplanned calamities (e.g. a natural disaster or consequences of other environment-related actions).
In all cases, and especially in a hybrid scenario (*), you must be prepared and keep your procedures up-to-date, from both a technical and a logistics perspective. You must also replay these scenarios periodically (e.g. 1x per year). Replaying the scenarios ensures that: 1) the current procedures are evaluated and updated as needed to reflect any changes in the environment, 2) the people involved have and retain the required knowledge of what to do when it is needed.
Ask yourself the following questions: “can you restore a backup and actually use it?”, “are you confident enough everyone knows what to do when it is needed?”, “are you prepared for a ransomware attack, and can you, if needed, restore your core identity/authentication systems?”.
Make sure recovery plans are part of your business continuity plan. They are your insurance for being able to recover identities and/or systems when that is needed. Depending on your business operations, regulations, etc. you must decide which risks you are willing and able to take and which not. For the latter category, the advice is to define use cases, draw up and maintain recovery plans for those use cases, include them in your business continuity plan and replay them periodically.
Where possible, the right tools (self-made, third-party, locally and/or in the cloud) are deployed and set up based on a predefined list of requirements. This ensures tooling is implemented correctly and avoids buying too many tools with overlapping functionality. It also prevents a false sense of “being prepared” when in fact you may not be. Remember, even with paid third-party tooling you still need to create your procedures for specific scenarios. Third-party tooling is not necessarily the so-called magic silver bullet, and having as many tools as possible is not necessarily better. The goal is to have tooling for the right occasions and/or scenarios.
(*) In a hybrid scenario, the following systems, where applicable, play a very important role: 1) Active Directory (AD), 2) Active Directory Federation Services (ADFS) (or similar), 3) Azure AD Connect, 4) PKI infrastructure, 5) any MFA solution.
Be prepared, stay prepared and ahead!