The core user directory for an organization is a foundational piece of the IT management puzzle. IT admins need centralized control over who can access which IT resources. Historically, that has been accomplished through an IT solution called a directory service. Now, a new generation of outsourced directory services is leading the charge in the identity and access management space.
First Generation Directories – LDAP and Active Directory
Over twenty years ago, the modern era of identity management began with the introduction of the authentication protocol LDAP. Our advisor, Tim Howes, and his colleagues at the University of Michigan developed this breakthrough approach to managing the user directory. LDAP became the core protocol for the open source market share leader, OpenLDAP. On the commercial side, Microsoft paired LDAP with Kerberos to create the monopoly in the IAM space, Active Directory®.
AD quickly became the directory solution of choice for IT admins. Because most networks were hosted on-prem and based on Microsoft Windows, AD was an ideal choice. In fact, AD was an important part of Microsoft’s bid to own the front office and back office IT solutions. A directory was the central control point for an IT organization, and, of course, that control was easiest if the solution was tightly integrated with Microsoft AD. So the popularity of other Microsoft solutions such as Windows, Office, and Windows Server was fortified by the mass-adoption of AD.
In the mid-2000s the IT landscape started to shift away from being all Windows and on-prem. With the introduction of web applications and cloud infrastructure, IT organizations started to make the leap to the cloud. Windows was no longer as dominant and over time Mac and Linux devices made significant inroads. Linux ultimately would become the most popular server platform for data centers and Macs would be in virtually all organizations.
Modern Era Creates Security Challenges in AD Environments
All of these fundamental changes put tremendous pressure on IT organizations. How could they connect and secure their user access? The core directory service worked well with Windows and on-prem solutions, but struggled