The core user directory for an organization is a foundational piece of the IT management puzzle. IT admins need centralized control over who can access which IT resources. The way that has been accomplished historically is through an IT solution called a directory service. Now, a new generation of outsourced directory is leading the charge in the identity and access management space.
First Generation Directories – LDAP and Active Directory
Over twenty years ago the modern era of identity management was started with the introduction of the authentication protocol LDAP. Our advisor, Tim Howes, and his colleagues at the University of Michigan developed this breakthrough approach to managing the user directory. LDAP became the core protocol for the open source market share leader, OpenLDAP. On the commercial side, Microsoft paired LDAP with Kerberos to create the monopoly in the IAM space, Active Directory®.
AD quickly became the directory solution of choice for IT admins. Because most networks were hosted on-prem and based on Microsoft Windows, AD was an ideal choice. In fact, AD was an important part of Microsoft’s bid to own the front office and back office IT solutions. A directory was the central control point for an IT organization, and, of course, that control was easiest if the solution was tightly integrated with Microsoft AD. So the popularity of other Microsoft solutions such as Windows, Office, and Windows Server was fortified by the mass-adoption of AD.
In the mid-2000s the IT landscape started to shift away from being all Windows and on-prem. With the introduction of web applications and cloud infrastructure, IT organizations started to make the leap to the cloud. Windows was no longer as dominant and over time Mac and Linux devices made significant inroads. Linux ultimately would become the most popular server platform for data centers and Macs would be in virtually all organizations.
Modern Era Creates Security Challenges in AD Environments
All of these fundamental changes put tremendous pressure on IT organizations. How could they connect and secure their user access? The core directory service worked well with Windows and on-prem solutions, but struggled with non-Microsoft resources and cloud infrastructure. This has often led to users creating their own separate accounts to take advantage of web-based applications or using a Mac that is manually managed or not managed at all. Leaving any component of an organization’s IT infrastructure in the hands of the end user creates significant vulnerabilities.
First, users have gained a reputation for choosing convenience over security. So when they create their own separate accounts for web-based apps, they are likely reusing passwords or choosing very simple ones that are easy to crack. When an alert pops up on their system to update their operating system, more than likely they will choose to ignore it.
Additionally, when that user leaves the organization, IT has no way of knowing if they fully deprovisioned that user from all the resources they were using to create work product. That means an ex-employee could still have access to confidential information, and if they had any ill will toward the company, they would be able to cause some real harm.
Secure Your Organization with an Outsourced Directory
Because of all of these challenges, a new generation of cloud identity management platforms appeared on the market. As an outsourced directory solution, this modern implementation of the core user database turned into an incredibly important tool in a modern IT organization’s management process. Called Directory-as-a-Service®, this SaaS directory solution securely connects user identities to the IT resources they need, and manages that access, regardless of platform, protocol, provider, or location. With one set of credentials, this outsourced directory connects users to Linux, Mac, and Windows systems, infrastructure, networks, legacy and web-based applications, and physical and virtual storage. In providing users with frictionless access to their resources, IT gains widespread visibility and fine-tuned control over its environment.
If you would like to find out more about how an outsourced directory can put security back in the hands of IT with a centralized environment, drop us a note. We also encourage you to start testing our hosted directory by signing up for a free account. All of our features are available and your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud