By Vince Lujan, posted May 28, 2018
Identity and access management (IAM) can be challenging in modern IT organizations. With cross-platform system environments, web and on-prem applications, various file storage systems, and networks spanning numerous locations, IAM has never been more complex. The good news is that a next generation cloud directory has emerged that offers a simple approach to cloud IAM. How is this possible? We invite you to continue reading to find out. Let’s start with the basics.
What is IAM?
According to Gartner, “IAM is the security discipline that enables the right individuals to access the right resources at the right times and for the right reasons.” In other words, IAM describes a category of IT solutions that serve to securely manage and connect users to their IT resources such as their systems, applications, files, and networks. This is generally achieved by leveraging core directory services platforms, which store core user identities and federate them to a wide variety of IT resources. These IT resources also look to the core directory services database as the source of truth for authenticating and authorizing user access. As a result, directory services are often called identity providers (IdPs). The key advantage with an identity provider in modern organizations is that IT can leverage core user identities to manage access to IT resources from one centralized location. In doing so, IAM is far more efficient and secure compared to manually managing user access to IT resources on an individual basis.
Traditional IAM Solutions
Historically, the most popular IAM solutions have come from Microsoft® and have been focused on the Windows® operating system (OS). Microsoft Active Directory® (AD) is probably the most notable example. Released in 1999, AD is an on-prem directory services platform designed to manage Windows users and their access to on-prem, Windows-based IT resources. Initially, this gave AD an advantage over competitors (e.g., OpenLDAP™) because enterprise IT environments were basically networks of Windows-based IT resources and just about everyone was a Windows user. This homogeneous setup made IAM relatively straightforward. In most cases, IT simply implemented AD and they could effectively control all of the users and IT resources in their environment. It was certainly nice while it lasted. However, a wide variety of non-Windows and cloud-based IT resources were introduced in the mid-2000s that would break the pristine, Windows-centric model that AD was designed for. Consequently, IAM got a lot more complicated.
Modern IAM Challenges
The IT landscape began to diversify as macOS® and Linux® gained popularity in the workplace as Windows alternatives. Then came Salesforce®, Google Apps (a.k.a. G Suite™), and other web applications that could replace on-prem, Windows-based applications. After that, an array of on-prem file storage alternatives arrived, such as Samba File Servers and NAS appliances, or cloud storage solutions from vendors like Box™ or Dropbox™. Even the network itself evolved from a wired connection to wireless via WiFi. Yet, perhaps the most significant change was the introduction of cloud infrastructure at AWS®.
All of these changes made IAM incredibly complex. One of the primary challenges is that antiquated IAM solutions like AD have remained the core identity management solution in most IT organizations. AD was never designed to support non-Windows or cloud-based IT resources. As a result, IT is forced to either manage non-Windows IT resources independently, or employ the help of a laundry list of third-party AD add-ons (e.g., web application SSO) that only add more complexity. IT admins are tired of juggling multiple add-on solutions and trying to make AD work in modern IT environments. Most of them would rather eliminate their on-prem identity management infrastructure altogether in favor of cloud alternatives that can deliver a simple approach to cloud IAM.
The Future of IAM is in the Cloud
Fortunately, as previously noted, a next generation IAM solution has emerged that offers simple cloud identity and access management capabilities designed for modern IT networks. The solution is called JumpCloud® Directory-as-a-Service®, and it can securely manage and connect users to their systems, applications, files, and networks without anything on-prem. In fact, the full functionality of the JumpCloud platform is delivered as a cloud-based service, and works for virtually any IT resource regardless of the platform, provider, protocol, or location. In doing so, IT can enjoy a simple cloud IAM approach to managing all of the IT resources in their environment.
Sign up for a free account or schedule a demo to see a simple cloud IAM solution in action. We offer 10 free users to help you explore every aspect of the JumpCloud platform risk free. Don’t hesitate to contact JumpCloud if you have any questions, or check out the following whiteboard presentation for more information about Cloud IAM protocols and architecture.