Passwords are one of the most important digital assets in IT organizations. They are effectively the keys to the digital kingdom, and compromised passwords have been the primary attack vector for the majority of highly valuable identity breaches in recent memory [CNNtech]. So it’s no surprise that the concept of an outsourced password management system can make IT admins uneasy.
However, IT organizations may not be aware that a next generation outsourced password management platform called Directory-as-a-Service® can actually be more secure than traditional approaches to password management. In order to understand how, let’s first explore the traditional approach.
The On-Prem Approach to Password Management
IT organizations have traditionally leveraged Microsoft Active Directory® (AD) as their identity provider (IdP) for almost two decades. AD is an on-prem directory service solution designed to help manage Windows-based users, systems, and IT resources.
AD introduced the modern concept of a core user identity, and enabled IT admins to manage passwords and configure complexity settings for their AD user identities. End users benefited from an approach to authenticating user access to Windows-based IT resources that allowed them to gain access to everything they needed with a Single Sign-On (SSO) approach. In other words, users simply logged into their Windows machine and subsequently had access to a wide range of Windows-based IT resources.
If they wanted to update their password, they did so in connection with AD and their user access credentials were updated across all of their provisioned resources. It was simple, secure, and straightforward.
Then, the IT landscape started to change in the mid-2000s with the introduction of web applications, disparate operating systems (e.g., Mac and Linux), cloud infrastructure (e.g., AWS, GCP), and more. AD was unable to manage these new resources effectively. The result was that a variety of cloud-based SSO solutions had to be layered on top of AD to extend user credentials to the cloud.
While third-party add-ons were effective at extending AD identities to cloud-based IT resources, their success came at the expense of the end user experience and ease (Read more...)
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/outsourced-password-management/