IT organizations now must hurry to enable all-remote workforces — many for the first time. They face numerous challenges, including determining how they will maintain secure and appropriate user access across their organizations. The directory service they have in place can hinder this transition, or it can serve as a driving force behind it.
As we look toward the future, we believe that directory services will increasingly be among the technologies that move to light-touch, cloud-hosted implementations. This new generation of cloud solutions will allow organizations to be as effective off-premises as they are on-premises. Here, we’ll explore the history of directory services architecture, our vision for its future, and the benefits this new architecture can provide.
Domain-Bound IT
In the traditional domain-bound enterprise, admins installed Active Directory®, bound all IT resources to it, and created an internal network that served as a perimeter to protect organizational data. Admins provisioned users and managed their access levels in AD, and users accessed the internal network either in the office or via VPNs when they worked in the field.
However, AD required increasingly complex networking and layered add-ons as new resources emerged that were difficult or impossible to manage with AD, including SaaS apps, cloud infrastructure, and non-Windows systems. Admins were forced to seek web application single sign-on (SSO) solutions and other add-ons to federate AD identities everywhere they were needed, or they managed secondary directories within those other services.
The AD domain approach, supported by third-party identity bridges, requires continued investment in on-prem infrastructure — and it’s increasingly labor-intensive to operate. Instead of bending over backward to tether resources to AD, admins now have a new path forward: the domainless enterprise.
What is the Domainless Enterprise?
In the domainless enterprise, admins can transition from on-prem directory services to entirely cloud-based directory services and reinvent their approach to security. Modern cloud directory services do not replicate AD’s perimeter security model in the cloud; instead, they enforce the concept of zero trust security.
Admins remotely secure, configure, and monitor users’ Mac®, Windows®, or Linux® systems, which serve as their conduit to other organizational resources. Users are untrusted by default and must verify their identity not only to access their systems but also to access other resources through them.
Cloud directory services are platform-agnostic, so admins can avoid the “lock-in” they experienced with AD and the Microsoft® ecosystem. They can manage virtually all modern resources directly, including systems, apps, networks, and cloud infrastructure. This domainless architecture offers three key benefits.
Benefits of Domainless Enterprise Architecture
1. Choose the Best Solutions for Your Environment
In the domainless enterprise, admins can centralize identity and access management (IAM) in the cloud, without the need for add-ons or on-prem infrastructure. This gives them the freedom to leverage virtually any IT resource and connect it directly to their directory service.
Instead of getting locked into one ecosystem or managing extensive vendor relationships, admins can focus their attention on picking the solutions best suited to their unique teams and managing access to them securely.
2. Improve User Experience & Increase Security
Admins can improve the experience for end users and increase organizational security when they centralize access management to virtually all IT resources.
From a cloud directory service, they can enable users to change their passwords directly on their systems; those changes are written back to the directory and then propagate to every IT resource that authenticates against it. Users enter one set of core credentials to access their machines, change their passwords through familiar operating-system workflows, and manage their own passwords without help-desk involvement. This reduces password tickets and, more importantly, the likelihood that users click on a phishing email or fall prey to another browser-based attack, because routine password changes no longer route through a web portal.
Admins can enable multi-factor authentication (and SSH key use, where applicable) at each access point in the organization rather than relying on an internal network perimeter as the primary source of security. They can also near-instantaneously suspend a user’s access to all their resources from a web-based console in the event that a user leaves the organization or their credentials are compromised.
3. Run Operations from Any Location
Cloud infrastructure in the domainless enterprise also gives admins the ability to run their operations with flexibility and agility. They don’t have to worry about a domain controller failing, maintaining an off-site backup, or securing physical access to their servers in the event of an emergency.
Whether there’s a natural disaster, mandated lockdown, or other external event, their cloud directory service is available to them from any location, with redundancy built into the platform.