By Greg Keller Posted April 10, 2015
When multiple identities exist in a variety of locations, it poses a serious security challenge for IT admins.
Why Multiple Identities Occur
It comes down to the limitations of conventional directory solutions. Often a company is implementing a directory and that directory isn’t able to connect to every application or device.
For example, if an organization has Mac devices and they are leveraging Active Directory®, then those Macs are largely out of IT’s purview. If an organization is leveraging OpenLDAP™, but would like to manage access to web applications, that’s a challenge too.
One way or another, the result is that a user has a number of different identities across these various devices and applications.
The Problem With Multiple Identities
Having identities scattered about is inefficient. IT isn’t able to control all of them in one spot. Changes made in the central directory end up propagating to some IT resources, but not others. The IT admin needs to track which resources need separate control.
This is more than just tedious; it’s a security risk. A misfire means that a change isn’t made. Perhaps a user who should not be on the network still has access somewhere. If the application or device is behind a firewall or VPN, then you could say the risk is low. But if the application is on the web, then it could end up being a major security threat.
Regardless of security, the multiple identities simply makes compliance activities difficult. IT admins have wanted to solve the problem of multiple identities for years. But solutions haven’t been forthcoming.
At the root of this problem are both Microsoft Active Directory and OpenLDAP. Each of these options make it difficult for IT admins to consolidate identities across multiple platforms and applications.
Thankfully, a new generation of technology is finally emerging to solve the problem of multiple identities in a variety of places.
Consolidating Identities in Your Directory with DaaS
Directory-as-a-Service eliminates the cross-platform and geographic location problems. Now, a user’s identity can be managed from one central, cloud-based directory infrastructure.
IT admins can connect virtually all of their devices and applications to the directory – which now consolidates the user’s identity. Provisioning access through the cloud-based directory propagates to nearly all IT resources. DaaS means you can trust that when a user is securely terminated, then they no longer have access across the entire infrastructure.
The complicated problem of having multiple identities now has a simple solution: a directory service that can connect and manage access to a wide variety of IT resources.
Don’t give up on consolidating identities for your users. Having central control is important and there are ways to make it happen. Look into Directory-as-a-Service and drop us a line if you have any questions.