Is A Cloud-Based Directory Service Safe?

By Greg Keller Posted September 27, 2016

For the modern organization, nothing is more important than security. So it’s no surprise that we’re often asked, “Is a cloud-based directory service safe?”

It’s a good question and one that is deeply rooted in the history of identity management. So before we discuss the state-of-the-art security practices that are implemented by cloud-based services today, I want to take a few moments to discuss the conventional approach and how it has influenced our view of security today.

The History of Identity Management

feature-1-508784dbae37b987bd2d0de9c7048a9a

Traditionally, identity and access management platforms have lived on-prem. Of course, 20 years ago there wasn’t the concept of the cloud as it exists today, so it made sense that an identity provider would be on-prem.

IT organizations did leverage directory services solutions and store their user credentials there. In that era, OpenLDAP and Microsoft Active Directory were popular options. Because those solutions were hosted on-prem, the directory services platforms themselves didn’t need to focus on security. Sure, they needed to be secure, but there would be a moat of sorts around those identity management solutions. Organizations would have firewalls, intrusion detection systems, VPNs, encryption, and all kinds of other network security systems.

With all of these protections, there was no incentive to make the directory itself more secure. Therefore, the prevailing view became that a directory service needed to be on-premises because that platform in and of itself wasn’t secure enough. It also needed to be supplemented with additional security measures.

With that as a backdrop, you can understand the line of questions around security.

Of course, modern Identity-as-a-Service providers understand this problem. Hosting a directory service platform in the cloud can’t start with the same approach as on-premises solutions. Security for Directory-as-a-Service® is built from the ground up. Any service that is hosted on the public internet needs to take security seriously. The approach that JumpCloud® has taken with our Directory-as-a-Service platform is to have multiple layers of security.

IS chart

Layers Of Our Cloud-Based Directory Service Safety Include:

Salted and Hashed Passwords

SSO Logo

Any passwords stored within JumpCloud’s cloud-hosted directory are one-way salted and hashed.

Mutual TLS

All communication within the Directory-as-a-Service platform is done through mutual TLS. This level of communication requires certificates on both sides of the connection which steps up the level of security.

Hardened Infrastructure

A hardened infrastructure includes controlling access levels and the various ports over which communications occur.

Security Testing

Consistent testing of the infrastructure is required and can include vulnerability and penetration testing.

Training

While the technology layers are an important piece of the security puzzle, so is training all of your employees to understand how they can support your security posture.

A cloud-based directory service is an innovative approach to solving the identity management problem for modern, cloud-forward organizations. New technologies always come with questions. In this case, the question has been whether a cloud-hosted directory is secure. With a significant number of best practice approaches to security, modern directory solutions can be as secure as or even more so than their on-premises counterparts.

Put Safety First With JumpCloud

mac management

If you would like to learn more about how JumpCloud’s Directory-as-a-Service is secured and how it can help you be more secure, drop us a note. Since your first 10 users are free forever, give our SaaS directory service a try for yourself.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.

Recent Posts