By Greg Keller Posted July 15, 2019
The concept of a cloud-based directory service can be jarring for many. The idea of the legacy Microsoft® Active Directory® or open source OpenLDAP hosted in the cloud conjures a number of scary scenarios:
- What would happen if the cloud directory were to go down?
- What would happen if my Internet connection were to go down?
- Is it secure? And can I get my data if the solution were to go away?
These are all reasonable questions when thinking about any cloud-based infrastructure service.
The good news is that SaaS-based solutions have often been designed from the ground up with these issues in mind. The answers to these questions are built into the very architecture of a cloud directory.
Remember that cloud directories have the benefit of arriving long after companies like Salesforce®, Google®, and AWS® paved the way. Thousands of SaaS and IaaS solutions later, the concerns about security that have surrounded the cloud since its inception are beginning to dissipate among the IT community at large. Even so, it’s important for IT to practice due diligence when making any decision that links their resources to a cloud-based app or service.
Let’s take each of these concerns as they relate to the JumpCloud® Directory-as-a-Service® platform:
Directory Services Outage
At JumpCloud, our cloud directory is designed to handle outage issues. Authentications need to happen regardless of whether the central directory service platform is available. To that end, the architecture creates what we call survivability. Systems that authenticate against Directory-as-a-Service have a lightweight agent that caches credentials. LDAP and RADIUS servers are dispersed globally and continue to operate in the event that the central identity provider is down.
Internet Connection Problems
Similar to a directory services outage, systems will continue to operate without Internet connectivity. Many LDAP-based applications will cache credentials and as a result, continue to operate just fine. WiFi access points that connect to a cloud RADIUS server will not be able to traverse the Internet during an outage, but local connectivity can be moved to a shared SSID and passphrase mode.
Identity-as-a-Service platforms take security very seriously. The best unified cloud directory services will ensure that your data is secured. Here are a few of the most effective methods:
- one-way hashing and salting of passwords
- strong mutual TLS communication channels
- strong security practices such as vulnerability scans
- penetration tests
- security training
There are also a number of customer-facing features that can increase security, including password complexity toggles, multi-factor authentication capabilities, security policies for full disk encryption (FDE), and auditing of logs / event data.
Many organizations eschew cloud services because they fear that they will be locked in. An on-prem system gives IT more control over their data. At least, that’s the belief. JumpCloud’s cloud directory service will provide easy portability by providing a list of user and other associated data. The best cloud directory services won’t lock you into any platform, protocol, or vendor. Directory-as-a-Service is independent and agnostic. Leverage that capability to your advantage to choose the right IT solutions for your organization, without having to account for the compatibility limitations of your directory.
Directory-as-a-Service is Reliable, Available, and Secure
Often, IT organizations ask critical questions about whether a cloud-based service can be reliable enough for their needs. It seems like there is a concern that not having availability and reliability within their control could lead to issues in the future. These are all valid questions that deserve attention. Dig into how a modern identity management platform such as Directory-as-a-Service builds in availability, reliability, and security into the platform. View our Security Page for additional information or our Status page for live updates on JumpCloud’s availability.
Drop us a note because we would be happy to chat with you about it.