Modern identity management is a pretty significant departure from the identity management approaches that organizations have taken over the past two decades. As computers became networked en masse in the early 1990s, the concept of controlling access to IT resources became more critical.
Back then, managing identities was largely an operational issue. Today, identity management is as much a security function as anything else. Modern identity management is about securely managing and connecting user identities to the IT resources those identities need. IT resources can range from systems to applications to networks. In other words, identity management is at the core of every IT organization.
IT Foundation Shifts, Dominant Platform Emerges
Identity management has changed a great deal over the past two decades. It had no choice but to evolve, because the underlying IT environment has shifted so dramatically during this time.
Not that long ago, Microsoft Windows was the dominant platform and PCs were the norm. Everything was hosted on-premises and the concept of IT services delivered all across the world didn’t exist yet. IT teams tightly controlled user access to resources. Management of users and devices was usually achieved through manual account creation and management. This was adequate because a user needed relatively few accounts.
Over time, tools appeared to help with provisioning, deprovisioning, and modifying accounts. Tim Howes, an advisor to JumpCloud, created the open-source protocol LDAP, which spawned OpenLDAP as a core directory service. Microsoft created Active Directory in 1999, and it later became the dominant platform in the market.
Forward-Thinking Organizations Push to the Cloud
Then something funny happened. The IT world elevated computing to a higher level by returning to its roots.
Prior to the PC and the networked environment, computing was done on a time-shared basis at computing centers. Essentially, it was a cloud v1.0. Organizations didn’t own computers; they rented them and used their time to accomplish goals.
In the last decade, Salesforce, Google, and Amazon have applied these old concepts to the new era of cloud. Cloud-based applications, storage, and virtual machines have been a huge success, leaving an indelible mark on the IT landscape.
Forward-thinking IT organizations have taken advantage, improving efficiency by outsourcing core components that they didn’t want to deal with. This can include managing data centers, running email servers, and delivering CRM capabilities to the sales force. Benefits of this model include scalability and reduced overhead.
But with every new opportunity in IT, there are challenges.
With cloud computing in the fold, organizations were faced with the challenge of connecting users to these various IT platforms. Their on-premises legacy directories weren’t of much help.
Active Directory and OpenLDAP broke down when the environment shifted to be worldwide, cross-platform, and multi-protocol. Given the added cost of maintaining and replacing servers, the goal for many organizations became to eliminate all on-prem servers and be free from the restrictions of these outdated directories once and for all.
Initially, there was no comprehensive solution. Some organizations opted to leverage web application single sign-on solutions to cover their users for cloud applications. Unfortunately, that left critical components, such as their AWS / cloud servers or their new Mac and Linux devices, unmanaged. Their WiFi infrastructure also needed to be secured. Then, legacy on-prem applications required connection via LDAP.
It’s enough to make some sysadmins long for the “good old days” when IT was more homogeneous. But cloud apps and infrastructure aren’t going away any time soon. These IT resources are the new norm, and we need to find a way for them to be centrally managed.
Directory-as-a-Service and Identity Management
Directory-as-a-Service® (DaaS) is a modern identity platform that centrally manages user connections to this new world of cloud and SaaS-based infrastructure. Features of a cloud-based directory service include:
- Mac, Windows, and Linux devices are all treated as first-class citizens
- Tight integration with Office 365 and Google Apps, centralizing control over the productivity platform and enabling single sign-on capabilities for end users
- Improved WiFi security that connects the authentication request to the directory service
- Multi-factor authentication at the system level
- Hosted LDAP capabilities eliminate the need to have an on-prem LDAP server
In short, Directory-as-a-Service covers what contemporary organizations need in a modern identity management platform.
If you would like to learn more about how you can bring your organization to the next generation of Active Directory and LDAP, drop us a note. Since your first 10 users are free forever, please sign up for a free JumpCloud Directory-as-a-Service account.