By Rajat Bhargava Posted August 3, 2016
“Should we look at a cloud Active Directory solution?”
In fact, today, if you would like to leverage Active Directory in the cloud, you’ll need to use both solutions. That’s why this post focuses less on the “brand name” Active Directory solution and more on the concept of a virtual identity provider.
The idea of a cloud directory services solution is very much on the radar for most IT organizations. These reasons explain why:
Reasons to Migrate to Cloud Active Directory
While there are many reasons to move your directory service to the cloud, here are five key ones that we think make a difference for just about every organization:
(1) Shift to the Cloud
More organizations than ever are shifting as much as they can to the cloud. With Google Apps and Office 365 paving the way on the productivity side and AWS on the server infrastructure, very little is being left on-premises.
That is, except for the directory service.
Organizations that are leveraging Microsoft Active Directory are stuck with a server on-prem, and as a result they have one foot in the cloud and one on-prem. That’s a bad spot to be in for most IT organizations. It doesn’t let them fully commit to taking advantage of the agility and modern capabilities of the cloud. Even worse, they miss out on the cost savings.
A cloud Active Directory replacement is a significant step towards living completely in the cloud.
(2) Centralize User Management
Too many organizations run multiple directory services today. That could be running AD and LDAP, or even more likely it could be many ‘mini directories’ all over the Internet and on-premises.
We use the term mini directories for siloed users on a single platform or application. If you are manually creating users in Salesforce or on your AWS server, you have mini directories.
Centralizing user management means connecting all of these various IT resources to one central identity provider. Too often this is easier said than done and historically it was nearly impossible. Modern cloud directory services are working to change that and are centralizing user access to systems, applications, and networks.
(3) True Single Sign-On for Users
Users are accessing more types of IT resources than ever before, including those in the cloud and on-premises. As cloud infrastructure has proliferated and new platforms have emerged on-premises (including Macs and Linux devices), users have been left creating more accounts and memorizing more passwords.
Too often, those passwords are the same across many IT resources, both personal and professional, and that is leading to more security compromises than ever before.
As users are struggling with this explosion of accounts, so too are IT organizations trying to get a handle on everything that their employees need to access. By enabling a True Single Sign-On™ capability, users will be able to access all of their professional IT resources with one account. This increases productivity and control for IT admins.
(4) User Self-Service Capabilities
Historically, directory services solutions have largely been the domain of the IT admin. They were on the hook to manually update accounts and passwords, reset accounts, change SSH keys, and much more.
The IT admin was the conduit between the user population and whatever access they needed. If there was a problem, the IT admin was getting a call.
Modern Identity-as-a-Service platforms are built to handle user requests through a self-service portal. Users are able to update their passwords, rotate their keys, update their data, and more. In fact, the long view is that the user will be able to do just about anything that they need to do without the IT admin being involved, because their entitlements will be set through their role within the company. This will be a welcome change for most IT admins.
(5) Increased Security
One of the key differences with modern, cloud-based directory services such as Directory-as-a-Service is that they prioritize security.
When Active Directory was introduced, identity security wasn’t a significant focus. The AD server was housed within the organization’s four walls or at a data center they controlled. It wasn’t accessible through the public Internet, so organizations largely felt secure.
Also, while there was identity theft, it wasn’t at the fever pitch it is today, where compromised credentials are almost a daily topic on CNN. Virtual identity providers take securing credentials seriously, and the process of ensuring that users are leveraging strong credentials and multi-factor authentication is built into the platform.
AD and the Cloud
While the title may focus on a cloud Active Directory, this post has largely been about the benefits that any cloud-based directory service can bring to organizations.
Ultimately, the decision of what to choose largely depends upon the infrastructure that you have. If you are heterogeneous, leverage other cloud technology, and require multiple authentication protocols, then give JumpCloud’s Directory-as-a-Service a try. Your first 10 users are free forever.