By Vince Lujan Posted January 4, 2018
Passwords are one of the most important digital assets in IT organizations. They are effectively the keys to the digital kingdom, and compromised passwords have been the primary attack vector for the majority of highly valuable identity breaches in recent memory [CNNtech]. So it’s no surprise that the concept of an outsourced password management system can make IT admins uneasy.
However, IT organizations may not be aware that a next generation outsourced password management platform called Directory-as-a-Service® can actually be more secure than traditional approaches to password management. In order to understand how, let’s first explore the traditional approach.
The On-Prem Approach to Password Management
IT organizations have traditionally leveraged Microsoft Active Directory® (AD) as their identity provider (IdP) for almost two decades. AD is an on-prem directory service solution designed to help manage Windows-based users, systems, and IT resources.
AD introduced the modern concept of a core user identity, and enabled IT admins to manage passwords and configure complexity settings for their AD user identities. End users benefited from a Single Sign-On (SSO) approach to authenticating access to Windows-based IT resources. In other words, users simply logged into their Windows machine and subsequently had access to a wide range of Windows-based IT resources.
If they wanted to update their password, they did so in connection with AD and their user access credentials were updated across all of their provisioned resources. It was simple, secure, and straightforward.
Then, the IT landscape started to change in the mid-2000s with the introduction of web applications, disparate operating systems (e.g., Mac and Linux), cloud infrastructure (e.g., AWS, GCP), and more. AD was unable to manage these new resources effectively. The result was that a variety of cloud-based SSO solutions had to be layered on top of AD to extend user credentials to the cloud.
While third-party add-ons were effective at extending AD identities to cloud-based IT resources, their success came at the expense of the end user experience and ease of management for IT.
Suddenly, end users needed to manage a large number of passwords and identities, one for each add-on. IT admins then had to manage each add-on in addition to managing AD, adding a lot of complexity and management overhead.
Obviously, IT organizations cannot continue to layer add-ons on top of AD indefinitely. The good news is that a next generation outsourced password management platform is committed to changing that. It’s called Directory-as-a-Service, from JumpCloud.
Hosted Password Management with Directory-as-a-Service
Directory-as-a-Service enables IT admins to create one user identity that can be federated to virtually any IT resource, regardless of platform, protocol, provider, or location. IT admins can then enforce strong password complexity requirements like password rotation, aging, expiration, and more from one web-based administrative portal. IT admins can even require multi-factor authentication (MFA) for access to Mac and Linux systems, as well as the Directory-as-a-Service web application portal.
The result is that IT organizations can shift the burden of tightly controlling identities to a SaaS platform with increased security and ease of use compared to on-prem, legacy directory services. End users benefit from having one set of credentials to access virtually any IT resource, and IT admins will enjoy having One Identity to Rule Them All™.
The best part is that outsourced password management is just the beginning of the cloud management capabilities that the Directory-as-a-Service platform has to offer.
Learn More About Outsourced Password Management with JumpCloud
Directory-as-a-Service provides both end users and IT admins with one set of credentials to authenticate user access to virtually any IT resource. The cloud directory empowers IT organizations to outsource password management, while providing peace of mind in knowing their user identities are secure. Contact the JumpCloud team to learn more about how outsourced password management can help secure your IT resources. You can also sign up for a Directory-as-a-Service account today and start managing passwords and more from one centralized location in the cloud. Your first ten users are free to help you explore everything that JumpCloud has to offer – risk free.