Why Multiprotocol Is the Future of IAM

Written by Rajat Bhargava on June 16, 2016

Imagine a world where there was only one operating system, only one coding language, and only one protocol.

Some IT admins say this is what heaven looks like.

But would it really be so great? Sure, there would be consistency and simplicity. But what about the rich plethora of intricacy that our current smorgasbord provides?

I’m here to tell you that a multiprotocol environment isn’t just better for IT, it’s inevitable.

So if you’ve been holding out hope that the myriad protocols are going to consolidate into “one protocol to rule them all,” you’re out of luck. (It didn’t work for Sauron, it’s not going to work for you.)

How am I so sure that the future will be multiprotocol?

We work with protocols every day at JumpCloud. That’s a necessary part of bringing the directory to the cloud through our Directory-as-a-Service® (if you want a primer on how that works, you can find one here). It also means we have become experts in user identities – authenticating them, managing them, securing them, you name it.

Protocols are a foundational element of identity management. And, of course, sometimes I think about how much easier a job our team would have if all IT resources supported the same protocol.

But that’s not how it is. Devices support specific protocols, applications support another set (and different types of applications support different ones), and network devices support yet other protocols.

Why Can’t We Consolidate into One Protocol?

LDAP is often used for Linux systems and applications. Kerberos is used mostly for Windows.

RADIUS is for VPNs. SAML is for web applications. OAuth is used for cloud applications as well.

This is an oversimplification, yes, but it captures the diversity of protocols and their applications. These distinct uses are partly due to the form of each protocol itself and partly just because that’s the way that things developed.

And boy, have things developed. The modern office is more decentralized than ever before, with IT resources ranging from on-premises to the cloud and back again. There are so many resources and so many different protocols (Wikipedia’s list of network protocols includes over 30 different protocols and it is not exhaustive by any stretch of the imagination).

If there had been a master engineer orchestrating the development of everything from the dawn of digital communication, then maybe we could have a single unifying protocol. But, that’s not the way things are. Chaos has been too much a part of the creation.

Now that things are this way, the concerted effort that it would take to consolidate everything is inconceivable. It would take all the IT teams in the world all their lunch breaks for the rest of the year just to put a dent into a project like that.

We’re past the point of no return.

Making the Most of a Multiprotocol World

Dealing with LDAP, Kerberos, RADIUS, SAML, OpenID, TACACS, and OAuth all at the same time may sound like a nightmare scenario – and it often is. But I’m telling you that it doesn’t have to be.

Here’s what makes multiprotocol environments hellish: when your identity management solution isn’t compatible with the protocols associated with your resources. Without a centralized system of identity management, the IT department is forced to constantly be bending over backwards and adapting – creating a multi-headed monster that’s frustrating to manage and inefficient.

Like I said at the beginning, protocols are tightly linked with identity management. The path to making a multiprotocol environment that is highly functional, efficient, and stress-free is to leverage an identity management solution that supports all of the protocols in use in your organization.

You’re probably thinking, “Great. But my resources are spread out all over and use a ton of different protocols. How am I going to find an identity management solution that supports all of the protocols I need? Active Directory certainly doesn’t.”

Well, you wouldn’t be the first person who I’ve surprised when I explain how a directory service works in the cloud.

A Directory-as-a-Service® can be so versatile that it can work as an extension of Active Directory or a standalone directory. It can even import all of your users from Google Apps and use that as a fully featured, core identity store.

If you’re interested in finding an identity management plan that excels in a multiprotocol environment, then I strongly recommend that you check out JumpCloud’s DaaS. It’s free to try for the first ten users. If you have any more specific questions, you can contact us directly through our contact page.