Owning Your Own Identities

By Rajat Bhargava Posted March 31, 2016

As an IT leader, one of the core assets that you have been entrusted with is your organization’s identities. Employee and contractor identities are the keys to your electronic kingdom. A compromise of the right credentials can be catastrophic; just ask Sony. The question becomes, what does it mean to control your own identities? Luckily, that’s easy to answer: the center of your identity management infrastructure is your directory services.

Identity Security is Best Served One-Way Hashed and Salted

Owning your identities begins with security. You’ll want to make certain that your identities are stored in a secure manner. The best way to ensure identity security is to have them be one-way hashed and salted. You’ll also want to make sure that your user management system has the appropriate technology in place to make it harder to compromise credentials. Generally, this is accomplished by creating complex passwords and rotating them on a regular basis. Here’s an interesting thing to note: increasing security isn’t synonymous with owning your own security or core identity management system. So, what does ownership really mean? Owning the security of your identities means knowing what the security infrastructure is, why you are placing them in their given locations, and ensuring that your identities can be portable if you don’t like the security situation.

Put a Lock on IT Resource Acquisition

Another reason to have control over your identities is that it ensures the acquisition of the right IT systems for your organization. Legacy directory services, such as Microsoft Active Directory and OpenLDAP, lock you into certain systems or protocols. With AD, it’s all about Microsoft Windows. AD’s mission was to seamlessly connect Windows networks. If you are leveraging Macs, Linux, cloud applications, or Infrastructure-as-a-Service, among others, you are out of luck. It’s not going to work as well as it does with the supported OS. OpenLDAP is biased towards the LDAP protocol. And, if you need help with SAML, Kerberos, or RADIUS, you are going to have to find another path. Putting your identities into an Identity-as-a-Service platform can help you stay agnostic, and that means your organization can leverage whatever IT resources they need.

Vendor Lock-in: Buyer Beware  

The market for owning your identities is heating up. Microsoft, Google, and Amazon are all fighting for your corporate identities. The reason? Lock-in. If your identities are with them, then there’s a good chance you’ll become dependent on  their platforms: with Microsoft, it’s Windows, O365, or Azure; with Google, it’s their Apps for Work platform;with Amazon, it’s AWS. Each vendor wants to create your identity infrastructure, but it’s not because they want to give you the best possible identity management solution. It’s simply a means to an end. Storing your identities with them translates into additional revenue elsewhere. You even have to be wary of all those free directory services. They are just leading you to vendor lock-in, too.

DaaS Holds the Key to Identity Management  

Your identity management infrastructure needs to be your own. That doesn’t mean you need to create and manage it yourself, it just means that you need to be in control. More and more organizations are using  the agnostic Directory-as-Service platform precisely because it isn’t tied to a single vendor, and it is device, application, and protocol independent. If you’d like to have more control over your user identities, take a look at DaaS. Or, drop us a note. It might just save your organization a great deal of pain.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.

Recent Posts