By Vince Lujan Posted August 12, 2017
As the world shifts to the cloud, one question that IT admins are asking themselves is: are hosted identities more secure? In order to answer that question, we need to step back and understand the complete identity and access management landscape.
Historically, IT admins have controlled identities. It started in the early 1990s with the creation of LDAP – arguably the modern kick-off of identity management as we know it. Microsoft picked up LDAP soon after and ran with it to create Active Directory®, becoming the market share leader.
It was an on-prem solution aimed at Microsoft Windows infrastructure. IT admins would install, configure, manage, and maintain their identity provider, Active Directory, on-prem. They had control over the security of their network – which was critical since much of the protection for AD was borne by the network itself.
That doesn’t mean on-prem networks were impervious to attacks. Having to be hardwired in was just another hurdle a potential attacker would have to clear. If somebody was able to get into your infrastructure, chances were that they could get to your identity provider. As any seasoned IT administrator will tell you, a compromised identity is like handing over the keys to the kingdom. So it’s no surprise that controlling access to a user’s credentials has been something that IT admins haven’t wanted to let out of their grasp.
Hosted Identities are the New On-Prem
The modern approach to identities presents different challenges. End users have their identities in a wide variety of places including web applications, cloud infrastructure, and on-prem. While this has offered significant improvements in productivity, it also means attacks on user identities can come from anywhere at any time. How should IT manage these identities?
Centralizing cloud identities is critical. Administrators can do that with a cloud identity management platform, which will provide hosted identities for their domain. With a hosted cloud directory service, there are multiple layers of identity security to help protect identities. For example, IT can enforce strong passwords through password complexity management and also multi-factor authentication. Those identities will be securely hosted in the cloud with one-way hashing and salting of passwords, and they can also be leveraged across G Suite, Office 365, AWS, SaaS applications, and on-prem systems and WiFi.
Secure Hosted Identities
Organizations are going to move to the cloud, so having control and security for identities is critical. Directory-as-a-Service® gives you hosted identities, but in a way that provides you with the control, visibility, and security that you need. Admins can centralize control over their domain and implement multiple layers of security for users and resources regardless of where they are located, and revoke access in an instant if the need arises. So to answer the question, hosted identities can be secure via a cloud hosted directory service.
If you would like to learn more about how hosted identities can be more secure and why Directory-as-a-Service may be the platform for your organization, drop us a note. Alternatively, sign up for a free IDaaS account and see what a true cloud directory could be for you. Your first 10 users are free forever.