By Rajat Bhargava Posted May 26, 2016
Should IT organizations move to a cloud directory service? At the root of this question is whether it’s better to own your own identity management infrastructure or rent it. The answer, of course, depends. Every organization is a little bit different and likely has some unique considerations. In this article, we’ll discuss some of the factors involved when choosing between leveraging an Identity-as-a-Service platform or maintaining an identity provider in-house.
Things to Consider in the Own vs Rent Debate
Some organizations are regulated or have significant compliance requirements. Some regulations clearly state that the network must be maintained in-house. The United States Department of Defense (DoD) is an excellent example which illustrates the presence of stringent requirements around third-party data hosting. It is rarely allowed. When it is, there are strict requirements around the facility that houses the data, including being subject to a number of compliance regulations, audits, and assurances of other parties in the facility. Alternatively, other organizations that are regulated seemingly welcome the opportunity to shift responsibility to a third party. PCI is just one example of this. Third-party providers are not limited as long as they are compliant with the regulations as well.
Security is on the minds of every IT admin these days. With so many breaches occurring on a regular basis, IT organizations are looking for steps that increase their security, not decrease it. Some organization view the outsourced directory services path as an increased security risk. However, plenty of IT organizations have discovered that virtual directory services are actually more secure than in-house solutions. Either way, cloud-hosted identities are already occurring, and IT needs to take notice and manage that risk. If Google Apps or Microsoft Office 365 are part of the plan, identities are already out in the cloud, or there are other major SaaS-based applications or cloud infrastructure in place.
Existing use of the cloud
If you are already heavily cloud forward, you are likely grappling with the issue of connecting those services to your core identity provider. On–prem directory solutions struggle with cloud infrastructure and web applications. As a result, organizations end up compensating for those weaknesses by adding web single sign-on solutions. And, cloud-based directory services platforms wind up incorporating cloud systems and web apps.
On-prem directories, such as Microsoft Active Directory, Apple Open Directory, and OpenLDAP, are optimized to one particular platform: Windows for AD, Macs for Open Directory, and Linux for OpenLDAP. While there is marginal support for other platforms, they work best with the platforms for which they were intended. Managed directory services are focused on a wide array of platform support to ensure that their solution works well with everything in the network.
We’ll Help You Answer the Question with Directory-as-a-Service®
Organizations will have a number of other considerations, but these are the common issues that we hear as IT admins figure out whether they would like to move their identity management platform to the cloud. If you would like to discuss whether Directory-as-a-Service is right for you, drop us a note – we’d be happy to chat with you. Or, feel free to sign-up for a free account and evaluate it for yourself. Your first 10 users are a free forever.