A popular saying is that if you aren’t paying for the product, you are the product. In other words, if Google® provides its users with a cloud identity for free, they are taking something from, or about, those users in exchange.
According to Hackernoon, Google earned $31.91 billion in Q4 2017, $27.27 billion of which was generated by ad revenue. Google personalizes advertisements by taking in user data from all of its services, so while their users don’t pay Google directly, they pay them with free use of their search history, activity, and contributions. Knowing this, let’s try to better understand Google Cloud Identity.
What is Google Cloud Identity?
As with any big company, Google has a mixed reputation. Some criticize it for its liberal exploitation of user data, while others laud it for developing cutting-edge algorithms that enable everyone to navigate the web. Regardless, Google continues to expand its footprint through applications like G Suite™, Gmail™, Google Maps™, and more.
To prevent the unnecessary proliferation of identities, Google built Cloud Identity. Instead of having multiple logins for individual Google applications, users only need one identity, stored in the cloud, that grants them access to everything under Google’s purview. Initially, this solution didn’t go beyond the scope of user management for Google services, but it’s gradually expanding.
To entice IT admins to leverage Google identities further –– and thereby earn more revenue –– Google added single sign-on (SSO) for a select group of applications via SAML, along with basic LDAP support. Google later introduced basic mobile device management (MDM) capabilities for Android and iPhone devices to incentivize the use of Cloud Identity even more. With all these capabilities coming along, some have begun to wonder if they could leverage Google Cloud Identity as a directory service.
Is Google Cloud Identity a Directory Service?
The short answer is: no. The qualities that make up a complete directory service go far beyond the scope of Cloud Identity. Qualifications for a directory service often derive from Microsoft® Active Directory® (AD) because it pioneered the concept, but a number of modifications have been made to accommodate modern needs. As such, a modern directory service must include:
- User management
- Application management
- Server access management
- Cross-platform system management
- LDAP services
- Multi-factor authentication (MFA)
- APIs and headless control/automation
A modern directory service should also be cloud-hosted and operate entirely off-prem, as on-prem operations are losing effectiveness.
Cloud Identity in its current state is unable to check more than half of those competencies. If you’re looking for a cloud directory service or an Active Directory replacement, Cloud Identity may not be the right choice for you.
On the plus side, if your organization relies heavily on Google applications and services, Cloud Identity can still be used for user management and MDM because it tightly integrates with those services. The missing capabilities would still need another service to fill in the gaps, but this can be accomplished by building your own directory.
How to Build Your Own Directory
You can build a custom directory hosted entirely on the cloud by leveraging Directory-as-a-Service® (DaaS) from JumpCloud®. Building your own directory allows you to pay for only what you need now, with the option to expand later on.
For example, if you have an existing G Suite tenant, DaaS will integrate with it and work alongside each individual’s Google Cloud Identity to create a single identity across all major operating systems, web and on-prem applications, file servers, and WiFi/VPNs to ensure your organization’s needs are completely accounted for. User identity, attribute management, and MFA are included by default, but you can choose to add a host of other features as you need.
The first 10 users are free for life, so you can experiment with the product as a whole for however long you want.