Saturday, October 27, 2012

Should the Management of Critical IT Services like Active Directory be Outsourced to the Cloud?

My hiatus from blogging can be attributed to the incredibly insane workloads I've been dealing with over the least few years, especially as we are all forced to do more with less in this global economy.

Today, I did want to take a few moments out to touch upon a rather contentious subject that many companies in the UK are faciing...

Should we manage our Active Directory deployments ourselves, or should we outsource them to a provide in the cloud?

Outsourcing the management of Active Directory has its benefits as well as its drawbacks. This is a relatively new phenomenon in that it has been around for about 3 - 4 years, but it may be starting to pick up some real steam this year given the dismal state of the global economy.

Should you Outsource the management of your Active Directory to the Cloud?

I've heard many reasons both in support and against the argument.

Proponents of outsroucing point out that it can result in lowered cost of management and thus result in IT savings which is something all CTOs would love to have in this economy -

However, critics argue that while this may save costs, it could substantially increase the risk to IT security as by outsroucing the management of something as core as the Active Directory, one would effectively be outsourceing the bedrock of security -

Personally, I am inclined to find a balance and see if there are ways in which we can ahcieve greater efficiences in our IT management without having to outsource the management of critical infrastructure components as the Active Directory to providers in the cloud.

If you'd care to share any thoughts, please feel free to leave a comment, and I'll be happy to respond.


  1. Hi Andy,

    I think its a bad idea to outsource the management of an organizations critical IT services, because the consequences of a security breach can be dire.

    Even in our own organization, our previous management had outsourced the management of our Active Directory to a 3rd party, and we're still trying to find out who is delegated what access in our Active Directory?.

    Personally, I think the potential downside far outweighs any upside of cost-savings.


  2. Hi Andy,

    Active Directory Security is critical to organizational security today and I agree that its management should not be outsourced.

    Speaking of Active Directory Security, a good Permissions Analyzer for Active Directory can help identify, lockdown and
    audit security permissions in Active Directory quickly and efficiently.

    I recently came across a helpful post on How to View Active Directory (AD) Security Permissions and Perform ACL / Permissions Analysis so I thought I'd share it with you.


  3. Hi Andy,

    Thee's been a lot of talk about the security implications of outsourcing the management of critical IT services like DNS, DHCP, Active Directory, email (Exhange) etc. to outsroued providers. I think outsourcing of Microsoft's Active Directory technology impacts global security but I would love to hear your thoughts on the same.


  4. Hello Andy,

    Greetings from Dubai. I am an Windows IT admin and have been working with Active Directory for quite some time now. One of the things that interests me is Active Directory Security and I have been recently looking at Active Directory Risks. I've found that using a Permissions Analyzer for Active Directory can be very helpful in finding out who has what permissions in Active Directory. I thought I would share this with you in case it help you too.

    Best wishes,

  5. Hi Andy,

    I happened to come across your blog, so thought I'd leave a note.

    I've been wanting to blog for a while now, and have a little blog of my own as well over as Active Directory Forestry, but I just can't seem to find the time.

    We've been very busy helping clients understand how to analyze and audit security permissions in Active Directory because it is so important to Active Directory security.

    We came across a valuable Active Directory Audit Tool and its been very helpful as we perform many an Active Directory Audit for our clients. Thought I mention it.

    If you have some time, do stop by. I would love to hear from you.


  6. Hi Andy,

    I think of Active Directory Security as being critical to business these days and Active Directory Auditing is very important.

    Personally, I've found that the need to audit what is being audited in Active Directory is equally important as well.

    I recently came across a cool Active Directory ACL Export/Dump Tool and have been using it for these audits.

    I thought you might find my experience with How to audit / find out what is being audited in Active Directory helpful so thought of sharing it with you.


  7. Hi Andy,

    As Domain Admins / Enterprise Admins we often delegate administrative tasks in Active Directory and from time to time need to know who is delegated what access in Active Directory.

    In my experience, I have found that it how to find out who is delegated what access in Active Directory is not as easy as it seems, but in fact can be quite difficult.

    I've seen many admins try to use a Permissions Analyzer for Active Directory but finding out who has what permissions in Active Directory is not the same thing.

    I recently came across an Active Directory Audit Tool that makes is super easy to find out who is delegated what access in Active Directory. Thought you may like to know.