By Nick Scheidies Posted January 22, 2019
Can any IT solution be future-proof? Unpredictable innovation will inevitably disrupt the best-laid plans of sysadmins, network architects, and directors of IT alike, so there are no guarantees. But you can choose an identity provider (IdP) that is better positioned to adapt to whatever comes next.
If you’re looking for a future-proof identity provider, here are the questions to ask:
Is the IdP secure from the inside out?
Even if your IdP has built an impervious perimeter today, it won’t stay impervious forever.
Some SaaS organizations treat security like the wall around a castle: first build the castle, then secure it. These organizations think of security as a hard outer shell.
But shells crack. That’s why so many security experts advocate “zero trust security,” a model developed by John Kindervag at Forrester Research beginning in 2009. Its core argument is that no request should be trusted because of where it comes from: being inside the corporate network is not proof of legitimacy, so every access must be authenticated, authorized, and checked against the specific resource being requested. An organization built this way is secure from the inside out – not just a strong outer shell but a strong core and every layer in between.
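To make the castle-and-moat versus zero trust contrast concrete, here is a small added example (not JumpCloud code, and not from the original post) that puts a perimeter-style check beside a zero trust check. The network range, resource names, groups, and the request objects are all constructed for the illustration; a real IdP would take the identity, MFA, and device signals from its authentication and device-management systems rather than from fields on a request.

```python
"""Perimeter ("castle and moat") authorization beside a zero trust check.

Added illustration, not JumpCloud code. The network range, resources,
groups, users, and devices below are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Constructed "inside the castle" range used by the perimeter model.
TRUSTED_NETWORK = ipaddress.ip_network("10.0.0.0/8")

# Constructed least-privilege policy: which groups may reach which resource.
RESOURCE_ACL = {
    "payroll-db": {"finance"},
    "wiki": {"finance", "engineering"},
}


@dataclass(frozen=True)
class Request:
    source_ip: str
    resource: str
    principal: Optional[str] = None       # verified identity; None if unauthenticated
    mfa_verified: bool = False            # second factor completed for this session
    device_compliant: bool = False        # device passed posture/compliance checks
    groups: FrozenSet[str] = frozenset()  # group memberships asserted by the IdP


def perimeter_authorize(req: Request) -> bool:
    """Castle-and-moat: anything originating inside the network is trusted."""
    return ipaddress.ip_address(req.source_ip) in TRUSTED_NETWORK


def zero_trust_evaluate(req: Request) -> Tuple[bool, str]:
    """Never trust, always verify. Source network is deliberately not a factor.

    Returns (decision, reason) so every deny is explainable in an audit log.
    """
    if req.principal is None:
        return False, "unauthenticated"
    if not req.mfa_verified:
        return False, "mfa-required"
    if not req.device_compliant:
        return False, "device-noncompliant"
    allowed = RESOURCE_ACL.get(req.resource, set())
    if not (req.groups & allowed):
        return False, "not-entitled:" + req.resource
    return True, "ok"


def zero_trust_authorize(req: Request) -> bool:
    return zero_trust_evaluate(req)[0]


# Constructed scenarios.
# 1) An intruder already on the internal network, with no credentials at all.
INSIDER_NO_CREDS = Request(source_ip="10.1.2.3", resource="payroll-db")

# 2) A finance employee working from a coffee shop on a managed laptop with MFA.
REMOTE_FINANCE = Request(
    source_ip="203.0.113.7", resource="payroll-db", principal="alice",
    mfa_verified=True, device_compliant=True, groups=frozenset({"finance"}),
)

# 3) An engineer with MFA and a healthy device, but no entitlement to payroll.
ENGINEER_TO_PAYROLL = Request(
    source_ip="10.4.4.4", resource="payroll-db", principal="bob",
    mfa_verified=True, device_compliant=True, groups=frozenset({"engineering"}),
)


if __name__ == "__main__":
    for name, req in [("insider, no creds", INSIDER_NO_CREDS),
                      ("remote finance user", REMOTE_FINANCE),
                      ("engineer -> payroll", ENGINEER_TO_PAYROLL)]:
        print(f"{name:22} perimeter={perimeter_authorize(req)!s:5} "
              f"zero_trust={zero_trust_evaluate(req)}")
```

The first scenario is the one the castle metaphor gets wrong: once the shell is breached, the perimeter model grants the intruder access to payroll because the packets come from an internal address, while the zero trust check denies it for lack of any verified identity. The second shows the reverse, where a legitimate user is blocked by the perimeter and admitted by zero trust. The third is least privilege in action: a fully authenticated user is still denied a resource their role does not cover.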
Is the IdP responsive to industry changes?
Legacy identity providers have historically taken the stance of resisting change. For instance, Microsoft® initially did everything they could to stem the rise of the cloud and multi-OS environments. Eventually, they introduced Azure® Active Directory®, but even today it still isn’t a complete replacement for on-prem AD.
When you choose an identity provider, you should try to pick one that is willing and able to evolve. This requires an identity provider that is both independent (i.e. doesn’t have a conflict of interest when it comes to supporting some resources over others) and also large enough to devote substantial engineering and development resources to keeping their product up-to-date.
Some IAM startups are built and maintained by two people. These organizations simply don’t have the resources to respond to IT market changes as they happen. Ideally, your IdP is small enough to be independent but large enough to sustain rapid development and world-class security.
Does the IdP support a wide variety of authentication protocols?
There will never be “one protocol to rule them all.” From SAML and LDAP to RADIUS and SMB (via Samba), we’re living in a multi-protocol world. No identity provider is compatible with every protocol out there, but choose one that can authenticate and authorize over a variety of them. That’s the key to compatibility with current and future IT resources.
Being multi-protocol makes your identity provider more like a multi-tool. It’s a wrench, screwdriver, and pair of pliers all in one. It means you can do more without having to switch out for different solutions – and it future-proofs your identity management by increasing the likelihood you’ll have the right capabilities on-hand when new authentication and access needs arise.
Is the IdP cloud-forward?
By the end of 2019, about 78% of small businesses will have adopted cloud computing. If your work is happening in the cloud, there’s no reason your identity provider should be on-prem. The cloud is simply more nimble.
Today, nearly every IdP claims a cloud-forward approach. But actions speak louder than words. Some legacy identity providers still keep one foot on-prem. There are advantages to choosing an IdP that hasn’t just adapted to the cloud, but has actually been built from the ground up for the cloud era.
Does the IdP take an independent approach to supporting platforms?
In the past, IT was monolithic. Microsoft ruled the day. But that has changed. Google®, Apple®, Amazon, and other major players have staked their claims in every segment of Microsoft’s once-mighty IT empire.
In a heterogeneous world, you need a heterogeneous identity provider, and that will only become more true in the years to come. By choosing an identity provider that embraces heterogeneous IT with a platform-agnostic approach, you decrease the risk of future disruption while also making it easier to say “yes” to user requests.
The problem with major platforms as identity providers is that once they reach a certain size, they tend to want to confine users to their own tools and platforms. For instance, Microsoft will gladly connect your identity to Windows® 10 systems and Office 365™, but they’re not going to bend over backwards to make sure it works well with Macs or Linux. This phenomenon is called “vendor lock-in,” and it can lead IdPs to limit their product’s functionality in ways that are not in the best interests of their customers.
The best identity provider doesn’t play favorites between Mac®, Windows, Linux®, Office 365, G Suite™, AWS®, GCP, and so on. That’s because best-in-class identity management means enabling IT admins to do their jobs regardless of the device, app, or platform.
How We’ve Tried to Build a Future-Proof Identity Provider
Maybe it’s impossible for anything to be truly future-proof. But we believe that part of what allows people and organizations to achieve great things is aiming for the impossible.
At JumpCloud, our goal is to make a future-proof identity provider. We won’t know if it’s possible if we don’t try. The future will hold many surprises for identity management. All we really know is that when the future happens, we’ll be there to connect and secure it.