Rethink AD

By Ryan Squires Posted December 12, 2019

Is it time for you to rethink Active Directory® (AD)? Given how embedded AD is in organizations, that might sound like a crazy statement. In fact, many IT admins might not think it is possible to replace AD. The fact is, AD is replaceable. And doing so forces you to do more than rethink AD: you end up rethinking your entire identity and access management (IAM) strategy.

Directory Services: Forgotten Amid Cloud Innovations

Because directory services serve as the bedrock of most IT environments, it is puzzling that innovation in the space remains slow moving. Innovation shines in several other areas of the IAM arena: web application single sign-on (SSO), multi-factor authentication (MFA), privileged identity management, governance, and others. But sluggishness in the directory services area remains troubling for organizations looking to move to the cloud.

You can chalk this up to the fact that AD has for almost 20 years existed as an assumed necessity for any IT environment. Microsoft did well to position it that way. As a result, the innovations listed above assume that AD lies at the core of an organization’s IAM infrastructure. Thus, when extending identity management to cloud infrastructure, AD served as the foundation on which to build. This situation created increased complexity.

The truth is, once-new tools like cloud infrastructure from AWS®, web applications, macOS® and Linux® systems, WiFi, mobile, and more have become essential pieces of each IT environment. These are not passing fads. According to TechRepublic’s 2020 IT Budget Research Report, 45% of respondents replied that cloud services “remain top IT budget priorities.” Of course, integrating each one with AD is both complex and costly. This reality has caused IT admins to ask some straightforward yet profound questions, like:

  • If the majority of my infrastructure is shifting to the cloud, why is an on-prem AD infrastructure at the core of my IAM strategy?
  • With more non-Windows systems in my environment, why am I forced to find workarounds to accommodate the growing number of Linux and Mac systems my users want to use?
  • Does moving to the cloud mean I’m less secure?

Each Organization Answers Questions Differently

Of course, every organization is unique. Each has different goals, objectives, obstacles, and existing infrastructure. That means, for some, the shift to the cloud will come over time, and their on-prem legacy directory services platform (AD) will remain critical to daily operations. The key here is finding a single solution that integrates with AD instead of four or five independent solutions. For others, the time to move to the cloud is now.

No matter your timeline though, it is imperative to realize that the network of today looks nothing like the network of yesterday. Providing yourself the ability to manage as many cloud-forward resources as possible from a single interface can pay major dividends down the line. 

If you must use AD, it may not seem possible to replace it. It is. Limiting the number of solutions tacked onto AD is a critical first step as more infrastructure slides out of AD’s grasp. Shifting functions away from AD to a cloud-based IAM platform makes the concept of removing AD much less daunting. Using this strategy can provide organizations a glimpse of how little they actually need AD for today’s IT. Think about the time and capital savings you could cultivate by finding a cloud-based solution and offloading the design, deployment, and maintenance of your IAM infrastructure to a team of dedicated experts. 

Organizations on Their Way or Born in the Cloud 

Some organizations are aggressively moving to the cloud and leaving on-prem infrastructure behind. Others were born in the cloud and all they use are cloud-based resources. 

For those in the first boat, AD is often just a database for users; it has not been tightly integrated or customized. For many of these organizations and their IT departments, AD endures as a prerequisite to a well-established IT environment. But the reality is that they often struggle with the drawbacks of AD, which include incomplete support for non-Windows systems and cloud infrastructure. For many, these drawbacks have inspired them to search out cloud-based alternatives to AD for their cloud-forward organization. This makes sense when you consider that according to TechRepublic, 48% of those surveyed identify cloud investments as the most important chunk of their budget. 

Organizations that were born in the cloud generally just go without a directory. That means they have no centralized way to manage user access to systems, applications, files, or networks. This can work fine for very small, tightly knit organizations that value security, where each user has taken the steps necessary to protect their data. But as they grow, it proves difficult to make sure that everyone is following best practices for identity security. Organizations in this group have the opportunity to leverage a cloud-based directory and completely avoid the pitfalls of AD and its shrinking identity management role.

Importance of Identity

It is important to realize how critical identities are in today’s IT landscape. Identities are the conduit for employees, consultants, contractors, and others to do their jobs. Hackers know this, so they use identities to infiltrate networks and steal confidential data. To counter these bad actors, “one in four enterprises (1,000+ employees) are increasing 2020 IT spend due to a recent security incident.” (Emphasis is Spiceworks’.) The advice we have is to be proactive and get out in front of potential security incidents, which means rethinking AD and the system it set forth. 

Logging in used to entail using one set of credentials to access all of the Windows-based resources a user needed. But that’s not how the world works any more — users have credentials for up to 191 resources. That’s a difficult number of passwords to remember without writing them down in plaintext, storing them in a spreadsheet, or reusing them. The result is that hackers have more resources to exploit than ever before. Ultimately, identities equip users with the keys to the digital kingdom — and those keys have the power to unlock both productivity and potential risk.

A Cloud-Based Reimagination of AD

For many organizations, the next generation of IAM may still work with AD. Organizations that need a setup like this can extend their AD credentials to all the cloud-based infrastructure they use now and in the future. And for many more, completely replacing AD with a next-generation identity provider (IdP) presents an alluring possibility.

Either way, these modern approaches to directory services are cloud-based, cross-platform, secure, and API-driven. With a cloud-based directory like Directory-as-a-Service®, IT organizations can securely manage and connect users to virtually any IT resource including systems, applications, files, and networks regardless of platform, protocol, provider, or location. Plus, managing these services happens from one web-based console with nothing on-prem to manage or secure. 

Learn More About Directory-as-a-Service

No matter where you stand in your transition to the cloud, rethinking AD and finding a way to simplify your IAM strategy pays benefits now and down the road. If you want to see for yourself, schedule a personalized demo today, or sign up for a free account.

Ryan Squires

Ryan Squires is a content writer at JumpCloud, a company dedicated to connecting users to the IT resources they need securely and efficiently. He has a degree in Journalism and Media Communication from Colorado State University.
