Directory services have been the core of IT infrastructure since the early 1990s. However, traditional directory services have had a hard time keeping up with the new wave of IT resources such as cloud infrastructure, web applications, myriad device types, and much more.
Hosted directory services have emerged to address changes such as the increase in Mac and Linux devices in the workplace, the growing popularity of web-based applications such as GitHub, Salesforce, and Box (to name just a few), and the number of resources employees need access to. Embracing a cloud directory service can be a little scary: it’s unfamiliar, and the overhaul to implement it can seem daunting.
Is a hosted directory right for your IT infrastructure?
Hosted solutions generally work well for organizations with modern infrastructure. On-prem directory services such as Microsoft Active Directory and OpenLDAP require more maintenance than a hosted directory alternative, such as Directory-as-a-Service®. That said, some organizations still choose to maintain their own directory infrastructure on-premises.
To help answer this question for your unique IT infrastructure, let’s take a look at where traditional directory services started, and why many organizations are leaving them behind.
The Origins of Directory Services
In the 1980s and 1990s, computers and networks became a common workplace resource, and IT realized the need to control user access to these IT resources. And because multiple users could need access to the same resources, an efficient method for providing that access was needed. This led to the creation of LDAP.
The LDAP protocol was created in 1993 by Tim Howes and his colleagues at the University of Michigan. This protocol provided a much lighter-weight mechanism to support user authentication and authorization than its heavy-duty counterparts at the time (think X.500). Two solutions began leveraging this protocol.
OpenLDAP™ leveraged the protocol and became the open source directory services standard in the industry. Today, it is often used for Linux-based systems or for finer control over more technical applications.
The other solution that used LDAP was Microsoft’s Active Directory®. Microsoft seized upon the opportunity to lock in their customers by building Active Directory, which works best with Microsoft systems, applications, and networks. This worked up until the mid-2000s, when the IT landscape started to shift.
A Changing IT World
Apple’s macOS devices started to make their way into the workplace. Data centers were replaced with AWS’s Infrastructure-as-a-Service, and Google introduced outsourced email servers and innovative lightweight productivity apps with G Suite (at the time called Google Apps).
Microsoft’s answer to this changing landscape was Office 365 and Azure Active Directory®, Microsoft’s approach to the cloud. But Azure AD still desires the on-premises AD infrastructure. Microsoft and other traditional on-prem directory services couldn’t keep up with the new variety of endpoints, influx of web applications, and available components for cloud network infrastructure. IT admins were losing visibility over their users’ access to resources.
So, the search began for modern directory services that offer solutions for this changing landscape.
A hosted version of OpenLDAP or Active Directory would not do the trick. IT organizations wanted a reinvented version of directory services that would be platform neutral, enable better management over cloud infrastructure, and centralize user management across an entire IT infrastructure.
Also, any new wave of technology brings with it new and different security concerns, one of which is the possibility of a stolen identity compromising an organization. Today, security must be embedded into the directory services, with data fully encrypted both in transit and at rest and passwords being one-way hashed and salted.
Legacy or Cloud?
While a legacy directory can help address the needs of legacy IT, a cloud-based, hosted solution like JumpCloud may be a better fit for modern IT organizations. Let’s consider the differences between the two categories below.
A legacy directory service such as Active Directory requires physical servers that run on-prem. Connecting traditional directory services to modern cloud infrastructure and web applications is a major challenge that requires networking and security issues to be addressed.
In the case of a hosted directory, the provider leverages modern cloud infrastructure to deliver a new generation of Identity-as-a-Service capabilities to their customers. IT admins simply shift the burden of managing infrastructure, worrying about uptime and availability, and spending time on security to the cloud identity management provider.
Directory-as-a-Service – A Modern-Day Hosted Directory
Directory-as-a-Service offers cloud directory services. It enhances your security with password management and multi-factor authentication. With its ability to connect to a diverse range of resources, Directory-as-a-Service efficiently centralizes user access and doesn’t lock IT organizations into using a particular vendor.
If you would like to learn more about how our hosted directory service can support your IT infrastructure, drop us a note. Feel free to try our virtual identity provider for yourself by signing up for a free account. Your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud