fbpx
Doron Youngerwood

Backup Blog Bites #2: To AD Or Not To AD Your Backup System? That Is The Question 

  • February 20, 2024
  • 2 min read

About Continuity™

Continuity™ provides the industry’s ONLY storage & backup security solution, to help you protect your most valuable data.

Read more

When it comes to backups, there’s an interesting debate as to whether you should connect your backup systems to Active Directory (AD) or not, and for good reasons. Let’s explore this dilemma. 

The Case For Connecting Your Backup to AD 

Because it streamlines user and system management, by integrating with AD, your backup system can leverage existing user accounts, group memberships, and organizational unit structures. This not only simplifies the setup process but also ensures that your backups are aligned with the organizational hierarchy.  

In addition, utilizing AD integration facilitates automated user authentication and access control, which enhances security.  

Backup Admins can leverage AD permissions to control who has access to backup software and infrastructure, ensuring that only authorized personnel can manage and retrieve sensitive information. This centralized management approach also reduces the risk of errors in user provisioning and access, which contributes to a more efficient and secure backup environment.  

Without AD, you rely on local user accounts, which are more difficult to control and monitor. In addition, AD integration puts a check in the box of so many regulatory requirements – access control, auditability and more – which assists with compliance. 

The Case Against Connecting Your Backup to AD 

Because it makes AD a single point of failure for both PROD and Backup (and you don’t want that!), if your AD is compromised, an attacker can harm both your production data and backup data, and then all hope is lost.  

It helps to ensure that your primary storage systems and backup systems are not managed by the same user accounts – a scenario that would allow a cybercriminal with a compromised user account to corrupt the original data and its backup copies.  

Since its your last line of defense, your backups should be as isolated as possible, and prepared for all possible attack scenarios. Nowadays, backup and storage systems offer reasonable access management features – account polices, audit, multi-factor authentication, and more.  

Being secure is more important than being compliant! 

If you ask us, we vote for #2.  

In less than 1 hour, assess the security of your backup environment: 
https://www.continuitysoftware.com/assess-the-security-of-your-backup-storage-environment/

Check out Backup Blog Post #3 in the series: The Backup Immutability Do’s & Don’ts Checklist.

Talk To An Expert

It’s time to automate the secure configuration of your storage & backup systems.

We use cookies to enable website functionality, understand the performance of our site, provide social media features, and serve more relevant content to you.
We may also place cookies on our and our partners’ behalf to help us deliver more targeted ads and assess the performance of these campaigns. You may review our Privacy Policy I Agree