The world is moving to the cloud. Infrastructure has moved. Web applications have moved. Even a good number of management tools have made the leap to the cloud. However, one area that has consistently lagged behind is identity management. In fact, you could argue that in the last 15 years there has been little innovation in the directory services area of identity management. One concept that is starting to gain some momentum, though, is the idea of a virtual Active Directory®.
Why a Virtual Active Directory?
Until recently, innovation in the IAM (identity and access management) sector has mostly been about how to build interesting solutions on top of Microsoft Active Directory. The market had largely assumed that AD was the monopoly in the directory services space and, as a result, there wasn’t an opportunity to innovate in that area of identity management. So, many first-generation IDaaS (Identity-as-a-Service) vendors started to build web application solutions on top of Active Directory.
Over time, though, the IT landscape shifted so dramatically that there needed to be some innovation in the core directory services space. Many vendors appeared on the market to provide virtual or hosted Active Directory solutions. These were just an Active Directory instance in the cloud. The provider would manage the server and software while the customer would only need to populate their users and connect their IT resources to the cloud AD instance. This was a significant positive step, but it wasn’t exactly transformative. Furthermore, this approach spawned a great deal of extra work around networking and security. As you know, AD assumes that the IT resources are local to the AD server.
So, while a virtual Active Directory instance was interesting, it wasn’t really sufficient for what IT admins wanted. Their IT network now consisted of Mac and Linux systems. Server infrastructure shifted from on-prem Windows-based data centers to AWS and Google Cloud. Applications split into those available on-prem and those on the Web, and some environments required both. The network shifted from wired to wireless, causing a whole segment of security tools and areas to become obsolete.
The result: an Active Directory instance in the cloud was no longer a sufficient solution.
Virtual Active Directory Alternative
Modern organizations are shifting to the cloud identity management solution, Directory-as-a-Service®. The core benefit of Directory-as-a-Service is that it simplifies the on-prem and cloud identity management functionality, including centrally and securely managing identities. Those identities can then connect to a wide range of IT resources including systems (Windows, Mac, Linux), cloud and on-prem servers (Windows, Linux, AWS, Google Cloud, etc.), data (Samba file servers and NAS devices), and networking (wired and WiFi).
Instead of trying to shoehorn Active Directory into the cloud, IT organizations can leverage a virtual cloud directory platform tailored to their needs.
The Next Generation of Directory Services
If you would like to learn more about whether virtual Active Directory is right for you, or perhaps you need the next generation in IDaaS, drop us a note. We’d be happy to discuss your identity management requirements and how each platform can help your organization. Alternatively, sign up for a free cloud directory account and check it out for yourself. Your first 10 users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Jon Griffin. Read the original post at: JumpCloud