How do you improve cybersecurity for your identity infrastructure? Part 3
Morgan Holm
Apr 16, 2024
Recovery
Active Directory and Entra ID (Azure AD) are mission-critical parts of your infrastructure. They provide authentication and access for services such as e-mail, collaboration, databases, applications, file sharing, and more. Accidental or unwanted changes to them can result in service interruptions, and their central role also makes them a prime target for bad actors. Many organizations continue to rely on traditional backup approaches that, when closely examined, do very little to meet the most common business needs for restoration and recovery. As a result, restore and recovery operations take longer, require more manual effort and administrative overhead, and generally reduce an organization's efficiency and effectiveness.
Backups
Backups are essentially an insurance policy that lets you manage the risk of unwanted events. Not all backups and backup solutions are equal: you need to be sure you are capturing the data required to get back to a known-good state. Most organizations have a backup solution that covers their file-system data and may include some AD restoration capability, but that capability is often not sufficient on its own.
Recovery Time
The time needed to perform a recovery varies greatly depending on how the solution works and on the scope of the recovery. The quicker the recovery, the less impact on the organization, which can translate into significant savings. Organizations need to understand how long a recovery will take, how much effort restorations require, and how much effort goes into managing the solution.
Challenges of Backup Solutions
A full backup can be used for object-level recovery. However, attribute-level recovery from a full backup usually means restoring the entire object, not just the one or two attributes that changed. With the native Windows backup tooling, the recovery entails taking a domain controller offline and restarting it in Directory Services Restore Mode (DSRM), restoring the system state, and then running a command-line authoritative restore with ntdsutil so that the restored objects win replication against the other domain controllers. It is time-consuming and requires specialized expertise.
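To make the native procedure concrete, here is the command sequence it involves, added as an example and not taken from the article or from Cygna. It uses Windows Server Backup (wbadmin), a DSRM boot via bcdedit, and an ntdsutil authoritative restore. The backup share, the backup version identifier and the OU distinguished name are hypothetical, and the sequence spans two reboots, so it is run step by step rather than as one script.

```powershell
# Added example of a native AD authoritative restore (not Cygna code).
# Hypothetical values: backup share \\backupsrv\adbackups, backup version
# 04/15/2024-02:00, deleted subtree OU=Sales,DC=corp,DC=example.
# Run on the domain controller as a Domain Admin; after the DSRM reboot, log on
# with the DSRM administrator account.

# 1. List available system state backups and note the version identifier.
wbadmin get versions '-backupTarget:\\backupsrv\adbackups'

# 2. Make the DC boot into Directory Services Restore Mode and restart it.
bcdedit /set safeboot dsrepair
Restart-Computer -Force

# ---- after the reboot, in DSRM ----

# 3. Non-authoritative restore of the system state. Without step 4 the other DCs
#    would replicate the deletion straight back onto this DC.
wbadmin start systemstaterecovery '-version:04/15/2024-02:00' '-backupTarget:\\backupsrv\adbackups' -quiet

# 4. Mark the restored subtree authoritative: ntdsutil raises the version
#    numbers so these objects win replication against the other DCs.
ntdsutil 'activate instance ntds' 'authoritative restore' 'restore subtree OU=Sales,DC=corp,DC=example' quit quit

# 5. Remove the DSRM boot flag and return the DC to normal operation.
bcdedit /deletevalue safeboot
Restart-Computer -Force
```

Two checks a practitioner adds after step 4: ntdsutil writes LDIF files of back-links next to its output when restored objects carry group memberships, so inspect them and import with ldifde where memberships did not come back, and confirm with repadmin /showrepl that the restored objects replicated outbound rather than being overwritten again. Both checks illustrate why the page calls this path complex and error-prone.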
Many third-party backup solutions can restore individual objects from a full backup without taking a domain controller offline. These traditional backups still have a major weakness, however: they are point in time. Traditional backups run on a regular schedule, and any data that changes between backups is "at risk," meaning that if it is lost it cannot be recovered because it has not yet been backed up. New user accounts, password changes, group membership changes and so on can all be lost if a failure occurs between backups. Your most recent point of recovery is the last backup, which in many organizations puts up to 24 hours of data at risk, and a restore from that backup also overwrites every change made since it was taken, valid or not. Shortening the backup interval means more backups, which consume more storage and can slow down the recovery process.
Cygna Recovery Solutions
Integrated audit and recovery let you undo changes that should never have been made, whether unauthorized or unintentional. GPOs, objects or attribute values can be rolled back in a few mouse clicks. A single agent handles both AD audit and recovery, so an unwanted change can be rolled back immediately, right from the change event that recorded it, which greatly reduces recovery time.
Cygna Recovery provides continuous data protection that minimizes the risk of business disruption. The solution stores every change in a continuous change log, so unwanted changes can be rolled back instantly with a single click. Deleted objects are restored as they were at the moment of deletion, including group memberships. The result is quick remediation of issues.
Granular Recovery
Reduce the risk of changes interrupting operations. Flexible recovery options let you recover only what is needed, whether individual attributes, a single object, a group of objects or a portion of the directory, so that valid changes are not overwritten.
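The difference between restoring an object from a point-in-time backup (the weakness described under "Challenges of Backup Solutions") and rolling back one change event from a continuous log (the granular recovery described here) is easiest to see on a small model. The following is an added example in plain PowerShell, not Cygna's code and not an AD query; the directory state, the user, the three changes and their actors and times are all constructed for the demonstration.

```powershell
# Added example (not Cygna code): an in-memory model of one AD object under two
# recovery strategies. Everything below (DN, attributes, actors, times) is constructed.

function New-Directory {
    # Starting state: one user object, as it looked when the 02:00 backup ran.
    return @{
        'CN=jsmith,OU=Sales,DC=corp,DC=example' = @{
            title    = 'Account Manager'
            memberOf = @('Sales')
        }
    }
}

function Copy-DirectoryObject($Obj) {
    # Per-attribute copy so a backup image is independent of the live object.
    $copy = @{}
    foreach ($attr in $Obj.Keys) { $copy[$attr] = $Obj[$attr] }
    return $copy
}

function Set-Attribute($Dir, $Log, $Dn, $Attr, $Value, $Actor, $When) {
    # The "continuous change log": record old and new value before applying the change.
    $Log.Add([pscustomobject]@{
        When = $When; Actor = $Actor; Dn = $Dn; Attr = $Attr
        Old  = $Dir[$Dn][$Attr]; New = $Value
    })
    $Dir[$Dn][$Attr] = $Value
}

function Restore-ObjectFromBackup($Dir, $Backup, $Dn) {
    # Point-in-time strategy: the whole object reverts to the backup image,
    # including every attribute that was legitimately changed after the backup.
    $Dir[$Dn] = Copy-DirectoryObject $Backup[$Dn]
}

function Undo-ChangeEvent($Dir, $Change) {
    # Change-log strategy: put back only the attribute this one event touched.
    $Dir[$Change.Dn][$Change.Attr] = $Change.Old
}

function Invoke-Scenario {
    $dn  = 'CN=jsmith,OU=Sales,DC=corp,DC=example'
    $log = [System.Collections.Generic.List[object]]::new()

    # Backup at 02:00, then three changes during the working day.
    $live   = New-Directory
    $backup = @{ $dn = Copy-DirectoryObject $live[$dn] }
    Set-Attribute $live $log $dn 'title'    'Senior Account Manager'     'hr-svc'     '09:15'  # valid
    Set-Attribute $live $log $dn 'memberOf' @('Sales', 'Domain Admins') 'contractor' '11:40'  # unwanted
    Set-Attribute $live $log $dn 'title'    'Sales Director'             'hr-svc'     '13:05'  # valid

    # Strategy A: restore the object from the 02:00 backup.
    $a = @{ $dn = Copy-DirectoryObject $live[$dn] }
    Restore-ObjectFromBackup $a $backup $dn

    # Strategy B: find the offending event in the log and roll back just that one.
    $b   = @{ $dn = Copy-DirectoryObject $live[$dn] }
    $bad = $log | Where-Object { $_.Actor -eq 'contractor' -and $_.Attr -eq 'memberOf' }
    Undo-ChangeEvent $b $bad

    return [pscustomobject]@{ FromBackup = $a[$dn]; FromLog = $b[$dn] }
}

$r = Invoke-Scenario
'Backup restore : title={0}; memberOf={1}' -f $r.FromBackup.title, ($r.FromBackup.memberOf -join ',')
'Log rollback   : title={0}; memberOf={1}' -f $r.FromLog.title,    ($r.FromLog.memberOf -join ',')
```

Strategy A removes the unwanted Domain Admins membership but also throws away both title changes made by the HR service after the backup, exactly the "valid changes overwritten" problem. Strategy B reverses only the 11:40 membership change and leaves the later title change in place, and because the log carries the actor and time, the rollback starts from the audit event itself rather than from a search for the right backup.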
Leverages RBAC & AD Integrated Authorizations
Access to the rollback and recovery features in the product is controlled through RBAC and scoping. The operator also needs the native AD or Entra ID permissions on the target objects to perform the operation, so the product cannot be used to bypass directory permissions and organizations keep complete control over the process.
The Cygna Security and Compliance solutions are all contained in a single, tightly integrated platform. They have been designed to improve cybersecurity for your identity infrastructure, allowing you to harden the environment, detect and protect against threats, and roll back or recover from incidents.