At some point in your life, most of you reading this will be part of a conversation that drifts into the topic of security and someone will mention using a domain. It is usually a word thrown out there when the subject of workplace technology comes up. There is more than one kind of domain but in this case they would be referring to an Active Directory (AD) domain. But what is an AD domain really and should you have one in your office?
What is an Active Directory Domain?
Microsoft defines it in this way “…Active Directory Domain Services (AD DS), provides the methods for storing directory data and making this data available to network users and administrators. For example, AD DS stores information about user accounts, such as names, passwords, phone numbers, and so on, and enables authorized users on the same network to access this information.”[1] In other words, an Active Directory domain is a network of computers, printer, and more. These are governed and managed by a centrally located system called a domain controller. This type of server is used explicitly for the purpose of managing the domain.
So what can an Active Directory domain do for me?
There is a vast array of things that a domain can do to make your life easier in managing and maintaining your business. With it, you can create and manage usernames and passwords for your employees’ computers, control who accesses what folders and data shared across your network, roll out updates for all workstations connected to the domain, create a standard set of printers and install them on all workstations automatically, and much more. And let me mention this, for those of you using Microsoft’s Office 365, there is also a feature that integrates management of these Office 365 accounts from your domain as well. That way, you don’t have to keep up with two sets of usernames and passwords.
Not an Option
Everything already mentioned has been on the grounds that you can take or leave it. An important point must be made here though. If you are an entity that handles patient information and are required to be in HIPAA compliance, having an AD domain is really almost a requirement, and is absolutely essential to running your business or practice while staying in compliance and out of trouble. This is largely due to the fact that personally identifiable information (PII) is involved. This includes medical history, social security numbers, etc. And this undisclosed information should be protected at all times. An AD domain makes that possible by helping you control who and what has access to this information and for how long. This is managed through policies in the AD which enforces it so that you don’t have to. An example would be if an employee left her computer for a break. An AD policy could be put in place to automatically lock her computer after a designated period of time, e.g., 10 minutes, so that passersby couldn’t access this information while she was away. Another example is when a staff member is terminated. This would regularly be a painful task to change passwords on everything they had access to and is easily remedied by disabling their AD account. These are just two ways that you could make use of an AD to keep your business secure.
So what next?
There are many tasks and roles that a domain can do for you but that list is too extensive to cover completely here today. So, what if you already have a domain? Chances are you may not be using it to its highest potential. If you are interested in using an AD domain or taking your business to its top potential, feel free to call SandStorm IT at 901-475-0275. We would love to sit with you and create a game plan to make this happen.
[1] https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview