The rivalry between Google Identity-as-a-Service (IDaaS) and AWS Directory Service is heating up. The success of AWS is driving Google to make Google Cloud even better, and vice versa. Both cloud infrastructure providers are trying to provide any number of additional, ancillary services that support their customers, and both have been extremely successful.
Because the two are so similar, it’s difficult to determine which has the better overall cloud infrastructure platform in its current state, so it will be interesting to see what’s next. One of the areas that both have focused on is cloud identity management. This blog post discusses various aspects of AWS Directory Service and Google IDaaS, and why JumpCloud’s virtual identity provider may be more interesting in the cloud identity management arena.
Summary of AWS Directory Service
AWS is an Infrastructure-as-a-Service (IaaS) platform that offers a wide range of web services, applications, data storage, and infrastructure. Essentially, AWS provides low-cost IT infrastructure on a pay-as-you-go model aimed at minimizing capital expenses. Yet, while AWS is meant to be a cloud computing platform, it also offers Microsoft Active Directory® (AD) in the cloud. Why? The answer is that, while AWS is a cloud-based service, the source of truth for user identities is often still grounded on-prem with AD. So, AWS wanted to make it easy for organizations to connect their on-prem identities to their cloud infrastructure. A mirror or new instance of Active Directory in the cloud was their answer to this problem for Windows-based workloads.
Summary of Google IDaaS
If you have ever used Google Apps (now known as G Suite), then you are likely already familiar with Google Identity-as-a-Service. Google IDaaS is effectively a G Suite directory providing a user management system for Google services and an authentication source for a few select web applications. Google Identity Services allows for integrations with SaaS services and web applications via SAML and OAuth. However, things aren’t as clear when it comes to connecting to legacy applications or on-prem resources (Windows, Mac, and Linux systems), which have historically required a traditional OpenLDAP™ or Active Directory instance to provide the source of truth for user identities. Unfortunately, Google Cloud Identity is really only good for a small part of your IT infrastructure.
The same holds true for AWS Directory Service. The challenge with both cloud identity management solutions is that they are focused on being a user management platform for their own resources. Neither can claim to be a true identity provider.
Directory-as-a-Service lifts you up and never lets you down
If your organization is interested in a complete cloud-based infrastructure, then AWS Directory Service and Google IDaaS aren’t really options. Neither platform serves as a complete directory service for both in-house and cloud IT resources, and both generally require Active Directory on-prem. The good news is that there is a better way. A new cloud identity management platform called Directory-as-a-Service is effectively integrating with AWS and Google services such as G Suite and Google Cloud. And, it covers your on-prem systems (Windows, Mac, Linux), legacy and cloud applications, and WiFi networks as well. In one IDaaS platform you cover what a user needs to access with one identity.
If you would like to learn more about the future of IDaaS and why Directory-as-a-Service may be that platform for your organization, drop us a note. Alternatively, sign up for a free IDaaS account and see what a true cloud directory could be for you. Your first 10 users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Vince Lujan. Read the original post at: JumpCloud