IAM 101 Series: What Are Directory Services?

Learn why the backbone of your IT stack may be overdue for an upgrade before it slows down productivity 

The beautiful thing about IT is that it just runs. You open up your laptop, access your applications, and stay productive and focused throughout your day. The technology that goes on behind the scenes is somewhat irrelevant to your average user.

So when I say “directory services,” you may be tempted to move on and watch some cat videos on YouTube. Stay with me, humble reader, for herein lies an important message.

What are directory services?

Directory services are the databases that store some of the most essential information you need to do your job. They are often referred to as data stores, LDAP, and directories. The information stored in these vessels includes your username, password(s), authentication preferences and enrollments, user preferences, application data and, more recently, information on devices such as mobile and Internet of Things (IoT). As you can see, much of this information is identity related.

What happens when you fire up an application? Whether it’s a cloud, mobile, or traditional application, and whether you’re using it for work or otherwise, the application is going to reach out to the one definitive source of identity truth in your organization – the directory. This is to validate that you’re still a legitimate user of the organization, that you’re authorized to access the application and to find out what you can do with it. It’s that simple.

But these days, directory services are under siege. Many organizations deployed their directory services many years ago, in the pre-cloud years, so they are running what we call “legacy” directories. While they still “work” in the traditional sense, there are reasons – both technical and non-technical – to believe we’re headed for a directory slowdown.

The first reason is that the amount of information being put into directories is multiplying exponentially. Consider the “Things” in the Internet of Things (IoT). Estimates are that, in 2020 alone, the number of deployed Things will reach 31 billion! That’s at least four times the number of people on the planet. And all this IoT data is being registered in directories. 

The second reason directories are slowing down has to do with the ubiquitous nature of our work and home environments. Where do you work? If you’re like me, your work is anywhere you are. It’s certainly no farther away than your mobile phone or laptop in our hyper-connected world. This reality means directory services need to be distributed and highly available so that you can access the apps and services you need quickly. A slow link or an overwhelmed legacy directory sifting through millions of entries means you’ll wait to be authenticated and connected. Waiting is costly. Waiting is time. The result? Lost customers, decreased productivity for your workforce users, unhappy application owners, and a situation that will only get worse if not addressed quickly.

Directory services – the old iron of the business – need to go the way of the mainframe and green screen applications. They need to modernize!

Unfortunately, that’s easier said than done. Modernizing directory services is probably not high on the list of projects for your IT database administrator this year. Or next year.

But there is a pathway, and real ROI to be realized by modernizing your identity and access management (IAM) solutions. It doesn’t have to be painful. ForgeRock has Accelerator toolkits that help organizations upgrade legacy IAM solutions in a prescribed way, so they can go at their own pace. Accelerators are a complete kit of everything you need to get started. They include documentation, reference architecture, and step-by-step processes that allow you to migrate one app at a time or 10 at a time, or many more.

Using a coexistence or just-in-time (JIT) strategy, you can run ForgeRock IAM alongside your existing directory to make sure there is no loss of data or lack of availability to applications. When you’re ready to cut the cord and move to modern IAM, you can disengage your legacy directory and say goodbye to those hefty maintenance costs.
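The just-in-time strategy named above, together with the earlier point that the directory answers "is this a valid user, and may they use this application", as an added example (not from the original post and not ForgeRock Accelerator code). The in-memory dictionaries standing in for the two directories, the salted SHA-1 legacy scheme, the PBKDF2 target scheme, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def legacy_hash(password: str, salt: bytes) -> bytes:
    # Assumed legacy scheme: salted SHA-1, common in older LDAP directories.
    return hashlib.sha1(password.encode() + salt).digest()

def modern_hash(password: str, salt: bytes) -> bytes:
    # Assumed target scheme: PBKDF2-HMAC-SHA256 with a per-user random salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def legacy_entry(password, active, apps, salt=b"constructed-salt"):
    return {"salt": salt, "hash": legacy_hash(password, salt),
            "active": active, "apps": set(apps)}

# Constructed sample entries; real directories hold these as LDAP attributes.
LEGACY = {
    "alice": legacy_entry("correct horse", True, {"crm"}),
    "bob": legacy_entry("hunter2", False, {"crm"}),   # disabled account
}
MODERN = {}  # starts empty; fills as users log in

def authenticate(uid: str, password: str, app: str) -> bool:
    """Verify credentials, migrating the entry on first successful login,
    then check that the account is active and authorized for the app."""
    entry = MODERN.get(uid)
    if entry is None:
        old = LEGACY.get(uid)
        if old is None or not hmac.compare_digest(
                legacy_hash(password, old["salt"]), old["hash"]):
            return False  # failed or unknown login: nothing is migrated
        # The cleartext password is only available now, so re-hash it here.
        salt = os.urandom(16)
        entry = MODERN[uid] = {"salt": salt, "hash": modern_hash(password, salt),
                               "active": old["active"], "apps": set(old["apps"])}
    elif not hmac.compare_digest(modern_hash(password, entry["salt"]), entry["hash"]):
        return False
    # Account status and entitlements travel with the entry.
    return entry["active"] and app in entry["apps"]
```

Because the disabled flag and application entitlements are copied along with the credential, a migrated account keeps the same access decisions it had in the legacy directory.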

ForgeRock has one of the few directory services on the market today that offers a deployment option to run in containers. A container is a ready-to-run software package that includes everything you need to run your directory service in a Kubernetes or Docker pod. Containers can run in any cloud (or on premises) and use vastly fewer IT resources in your data center.

ForgeRock also natively supports all the apps you want, provides greater security, offers more fine-grained access control, and works both within and across your data centers. 

For organizations to stay agile and productive, your directory services need to keep up with the growing needs of your users and customers. To learn more visit us online at

*** This is a Security Bloggers Network syndicated blog from Forgerock Blog authored by Jeff Carpenter. Read the original post at:
