By Greg Keller Posted September 27, 2016
For the modern organization, nothing is more important than security. So it’s no surprise that we’re often asked, “Is a cloud-based directory service safe?”
It’s a good question and one that is deeply rooted in the history of identity management. So before we discuss the state-of-the-art security practices that are implemented by cloud-based services today, I want to take a few moments to discuss the conventional approach and how it has influenced our view of security today.
The History of Identity Management
Traditionally, identity and access management platforms have lived on-prem. Of course, 20 years ago there wasn’t the concept of the cloud as it exists today, so it made sense that an identity provider would be on-prem.
IT organizations did leverage directory services solutions and store their user credentials there. In that era, OpenLDAP and Microsoft Active Directory were popular options. Because those solutions were hosted on-prem, the directory services platforms themselves didn’t need to focus on security. Sure, they needed to be secure, but there would be a moat of sorts around those identity management solutions. Organizations would have firewalls, intrusion detection systems, VPNs, encryption, and all kinds of other network security systems.
With all of these protections in place, there was little incentive to make the directory itself more secure. The prevailing view therefore became that a directory service needed to stay on-premises, because the platform in and of itself wasn’t secure enough and had to be supplemented with additional security measures.
With that as a backdrop, you can understand the line of questioning around security.
Of course, modern Identity-as-a-Service providers understand this problem. Hosting a directory service platform in the cloud can’t start with the same approach as on-premises solutions. Security for Directory-as-a-Service® is built from the ground up. Any service that is hosted on the public internet needs to take security seriously. The approach that JumpCloud® has taken with our Directory-as-a-Service platform is to have multiple layers of security.
Layers Of Our Cloud-Based Directory Service Safety Include:
Salted and Hashed Passwords
Any passwords stored within JumpCloud’s cloud-hosted directory are one-way salted and hashed.
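To make the "one-way salted and hashed" point concrete, here is an added example (not JumpCloud's code) of how a directory would store and verify a credential: a fresh random salt per record, a slow keyed derivation (PBKDF2-HMAC-SHA256, with an assumed iteration count), a self-describing storage string, and a constant-time comparison on verification.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor (OWASP-style guidance for PBKDF2-HMAC-SHA256); raise it as hardware improves.
ITERATIONS = 600_000
STORED_FORMAT = "pbkdf2_sha256"  # records carry their own algorithm and parameters


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return a one-way, salted representation safe to store in the directory.

    The 16-byte salt is random per record, so two users with the same password
    get different stored values and a precomputed table cannot be reused.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{STORED_FORMAT}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive from the stored salt and parameters and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
        if algo != STORED_FORMAT:
            return False  # unknown scheme: refuse rather than guess
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # compare_digest avoids leaking where the mismatch occurs via timing
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample credential
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))  # False
```

Nothing in the stored string can be reversed to the password; a verifier can only re-run the derivation with the candidate the user presents.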
All communication within the Directory-as-a-Service platform is done over mutual TLS. Mutual TLS requires a certificate on both sides of the connection, so each end authenticates the other rather than only the client verifying the server, which steps up the level of security.
A hardened infrastructure includes controlling access levels and the various ports over which communications occur.
Consistent testing of the infrastructure is required, and it can include vulnerability scanning and penetration testing.
While the technology layers are an important piece of the security puzzle, so is training all of your employees to understand how they can support your security posture.
A cloud-based directory service is an innovative approach to solving the identity management problem for modern, cloud-forward organizations. New technologies always come with questions. In this case, the question has been whether a cloud-hosted directory is secure. With a significant number of best-practice approaches to security, modern directory solutions can be as secure as, or even more secure than, their on-premises counterparts.
Put Safety First With JumpCloud
If you would like to learn more about how JumpCloud’s Directory-as-a-Service is secured and how it can help you be more secure, drop us a note. Since your first 10 users are free forever, give our SaaS directory service a try for yourself.