By Rajat Bhargava Posted December 26, 2014
Businesses leverage Software-as-a-Service solutions for a number of reasons:
- It offloads work
- It increases capabilities
- It’s “available” more of the time, and
- It’s more cost effective in terms of both time and resource allocation.
As more organizations learn the general benefits of the SaaS movement, they are moving more and more of their infrastructure to an “as-a-service” model. This includes the movement of the directory service, or better known as Directory-as-a-Service® solutions. These solutions can include centralized user management, LDAP-as-a-Service, True SSO, RADIUS-as-a-Service, device management, and more.
The benefits and drivers of a Directory-as-a-Service, or DaaS, solution are covered below.
DaaS Fits Into the Bigger IT Picture
Let’s face it, on-prem network infrastructure is going away. Organizations are decreasing their on-premise network infrastructure, as they shift data centers and storage to the cloud. For example email, long one of the core applications for any organization, is outsourced to Google. A similar story is told with file storage. Files were once saved and managed on a person’s PC, or even on CDs or floppy disks(!). Now documents, notes, and projects are now saved in cloud-storage like Evernote, Dropbox or Box.
As more users understand the value, collaborative nature, and security of cloud-based infrastructure, it’s no surprise the number of “as-a-service” solutions are multiplying.
The challenge for IT admins is how to bring those devices and that infrastructure into the directory services fold. The benefits of Infrastructure-as-a-Service (IaaS) are significant for organizations. On-demand compute and storage resources, operational cost model, and, generally, higher availability and performance are just some of the core reasons that IaaS is becoming the dominant data center infrastructure. The challenge, however, is that these remote resources are difficult to manage for on-premise directories.
That’s why the next big system to make the shift is directory services. A company’s identity provider stands at the core of its business and is the command center for employee access to all business run applications, devices, and softwares. The directory must interface with all other “as-a-service” infrastructures in an easy, secure, and manageable way.
Typically on-premise directories are not exposed to the Internet and public IaaS may not be within a virtual LAN at the provider making direct connections between the server and the directory difficult. Directory-as-a-Service solutions offer a bridge between on-premise directories to cloud infrastructure, and can completely and completely manage access control to these critical infrastructure elements.
Moreover, moving directory services to the cloud means that organizations can eliminate that on-premise hardware, stop purchasing software in the outmoded perpetual license model, and not worry about the on-going operational effort of keeping the directory up and available 100% of the time.
Takeaway 1: If your business is leveraging any SaaS programs for a part of its core operations, a DaaS is necessary to keep all the moving pieces accounted for and managed.
Cloud-Based Directory DaaS Functions with Your Favorite Devices
Securing today’s workforce means understanding how employees use their devices, from personal mobile devices, to PCs. In fact, Gartner predicts that by 2017 half of employers will require employees to bring their own device (BYOD).
However, security is the top concern for employers with a BYOD policy.
The good news is advancements like Identity-as-a-Service recognize and integrate with a broad spectrum of devices, keeping security high, and vulnerability low. More importantly, the general public is reaching a point where web-based business is being widely accepted.
As David Willis, Vice President and distinguished analyst at Gartner says:
“We’re finally reaching the point where IT officially recognizes what has always been going on: People use their business device for nonwork purposes.”
“They often use a personal device in business. Once you realize that, you’ll understand you need to protect data in another way besides locking down the full device. It is essential that IT specify which platforms will be supported and how; what service levels a user should expect; what the user’s own responsibilities and risks are; who qualifies; and that IT provides guidelines for employees purchasing a personal device for use at work, such as minimum requirements for operating systems.”
DaaS, unlike Microsoft AD or LDAP, provides cross platform user access control and device management capabilities. It also works with all major device types – Windows, Mac, and Linux – and can be controlled and managed from one central directory service and Web-based interface.
Takeaway 2: As more organizations leverage multiple device types, and BYOD, a cross-platform “directory-as-a-service” is critical to control, visibility, and security.
DaaS Manages Web Apps
Web apps, like Salesforce, Dropbox, Workday, and countless others, have changed the way companies work. No longer do IT admins need to purchase, implement, and/or customize the software that they need. Today’s organizations simply sign-up for SaaS for everything from CRM, to file sharing, to HR. The problem, of course, is how do you manage access to these countless number of applications? A modern enterprise may have hundreds of SaaS-based applications in use across their organization.
Ideally, an organization leverages their core user directory to manage access to these applications. And, that’s exactly what Directory-as-a-Service solutions do.
Takeaway 3: If you have online web apps for a bulk of your productivity solutions, manage them in one spot with DaaS. A True Single Sign-On™ solution centralizes user access to devices, applications, and networks.
DaaS Improves Online Security
As mentioned earlier, security is the top concern for IT admins. The risk of compromised of user credentials, or hacked data, not only puts the IT admin’s job at risk, but puts the entire company at risk.
With the right credentials, a hacker has the keys to infiltrate and steal just about every online asset. That’s the reason that organizations, historically, have held tight to their on-premise directories. The belief was a strong moat around the directory would increase security. When all of the IT assets and resources were inside of the moat, the directory worked well. Now that organizations have IT resources all over the Internet, the old approach doesn’t work very well.
Thankfully, DaaS solutions build security into the directory from inception. The directory infrastructure is secured with multiple layers and further, access to authenticate is done with secure protocols and approaches. The directory ends up being a point of security rather than a point of vulnerability.
Takeaway 4: Baking security into the fabric of your business process is the only way to ensure you’ve done as much as you can to prevent compromised data and credentials.
In a perfect world, an organization’s user directory is at the core of a company’s IT infrastructure. A directory service manages all of an organization’s IT connections. Controlling access to all types of devices, cloud servers, and Web-based applications is what a cloud-based directory is focused on accomplishing. Organizations are moving to more diverse and heterogeneous environments, but legacy directories haven’t been able to keep up. Modern, cloud-based directories are the answer. Directory-as-a-Service solutions are focused on being cross-platform and managing access to devices and applications irrespective of where they are.