By Rajat Bhargava Posted March 17, 2017
AWS has a number of different identity and access management solutions. AWS IAM is their user management system for the AWS console. They have also introduced a number of versions of the AWS Directory Service, which is meant for user access control to the servers and desktops hosted at AWS. All of these solutions have been in the market for a while.
Competing for Your Cloud Infrastructure Budget
Interestingly, it’s not just about Google Cloud IAM competing with AWS Directory Service or AWS IAM. It’s really about the competition for your cloud infrastructure dollars. Google is trailing behind and chasing AWS. Both of them are following the same strategy. They want to build a lot more capabilities than just hosting cloud servers since that isn’t good enough for organizations today. IT organizations are looking for a more thorough solution in order to shift their infrastructure to the cloud. As part of that process, both Google and AWS are creating a wide variety of security and management solutions to help with the transition.
A key part of those ancillary services is providing identity management. When data centers and servers were in-house, IT organizations could leverage Microsoft Active Directory or OpenLDAP to control user access. In the cloud, though, there are multiple layers of access control required. With a web-based management console that controls who can do what inside the cloud infrastructure solutions, IT admins now have a new layer to control. The server-level access control that was required previously is still needed as well.
Comparing Google Cloud IAM vs AWS Directory Service
For Google Cloud, their IAM solution is focused on controlling access to the web-based management console. Cloud IAM can set fine-grained permissions on who can do what inside the platform: for example, which users can create projects, modify them, and change configurations. Cloud IAM can set roles, groups, and policies around that level of control. Of course, AWS has a similar web-based management console identity management solution called AWS IAM.
When comparing Google Cloud IAM and AWS Directory Service, though, there are distinct differences. AWS Directory Service is really either Samba or Active Directory® under the hood. AWS is trying to give IT admins the ability to control user access at the hosted server and desktop level. Their services are really meant to connect to on-prem Active Directory implementations to extend those identities to AWS servers and desktops. Of course, this requires that you maintain and manage at least two sets of identity management solutions. It should be noted that AWS Directory Service is really meant for AWS, similar to how Google Cloud IAM is meant for Google Cloud.
Neither Google Cloud IAM nor AWS Directory Service solves the problem of creating an authoritative cloud directory service. As more organizations shift to the cloud, IT admins want to replace their on-prem Active Directory platform with a cloud identity provider. Unfortunately, both IAM solutions from Google and AWS fall short.
A Complete Solution from JumpCloud®
A new generation of IDaaS platform has emerged to rectify this problem. Called Directory-as-a-Service®, this independent cloud identity management solution is creating one central, authoritative identity provider across platforms, providers, protocols, and locations. Directory-as-a-Service securely manages and controls user access to systems (Windows, Mac, and Linux), cloud and on-prem applications, and networks. This approach creates the cloud identity management platform that IT organizations are searching for.
If you would like to learn more about Google Cloud IAM vs AWS Directory Service, drop us a note. We’d also be happy to share more about the IDaaS market landscape and how our Directory-as-a-Service platform fits in with these provider-centric user management solutions.