Moving to cloud infrastructure has helped organizations save on costs, increase productivity, and improve agility. That’s why the public cloud market is expected to be worth $178 billion in 2018. However, a rapidly changing IT environment has introduced new security concerns that make traditional methods for securing the network inadequate. So how should organizations go about securing IT infrastructure in the cloud era?
After 20 years of IT experience, my answer would be to consider shifting to a cloud native IT infrastructure. Cloud native refers to a resource that utilizes public cloud infrastructure that wasn’t available twenty years ago. Cloud native doesn’t just mean moving resources to the cloud, though. A cloud native resource is designed specifically for cloud computing architecture and is created with security and scalability in mind. When applied to IT infrastructure, organizations can take advantage of the efficiencies, scalability, and security that cloud native resources have to offer. At InsideTrack, Inc., we have successfully transitioned over to a cloud native IT infrastructure, and have recently released a whitepaper that discusses the advantages of doing so. You’re welcome to read that here.
Below, I discuss some of the disadvantages of traditional IT infrastructure, and the elements to consider when shifting to a cloud native approach.
So, let’s take a look at IT infrastructure in the past, and how IT admins used to secure their network.
Securing IT Infrastructure in the Past
Two decades ago, IT environments consisted of on-prem resources that were mostly Microsoft-based. Because virtually every product a user leveraged was from Microsoft, authentication and authorization was managed by Microsoft® Active Directory®. A user would simply login to their Windows® system that was wired into the network, and then they would have access to their email (Exchange®), productivity software (Office®), and files (Windows File Server®). To secure this environment, IT admins relied heavily on the firewall to keep intruders out and to secure communication within. Their method for securing the network was very much “hard on the outside, soft on the inside”.
However, the IT landscape today is radically different than it was twenty years ago. Users are utilizing Mac and Linux systems, networks are wireless, and the cloud has transformed data centers, applications, and file storage. These changes have impacted securing IT infrastructure in a couple of different ways.
New Innovations Give Way to New Challenges
First, it’s no longer adequate to solely rely on a firewall to protect the network. Why? Well because these days, all a hacker needs is the right user’s credentials, and they have access to an organization’s entire digital kingdom. This means IT admins need to consider adopting zero trust network architecture. In other words, they shouldn’t assume traffic in their environment is trusted until proper authentication and encryption have occurred.
But, secure authentication hasn’t been the easiest because Microsoft Active Directory was created to integrate with on-prem resources that are part of the Microsoft ecosystem. The new resources that are surfacing defy both of these qualities, so securely authenticating and authorizing users to these IT resources has become challenging. So, how can IT organizations ensure that only authorized users are accessing approved tools in a cloud native environment? Are there any considerations that IT admins need to take when integrating a cloud native resource?
To effectively manage cloud native resources it makes sense to use a cloud native identity provider, and there are factors that IT admins need to consider when evaluating a cloud native solution.
Considerations for Adopting Cloud Native IT Resources
When adding any cloud native resource to your infrastructure, there are a few elements that one should look for regardless of whether it is an application or an identity provider. A cloud native resource should have the following:
- A Public API
- Standard SaaS protocols like SAML and OAuth
- A free account
- Thorough, public documentation
- Self-service support options
- Monthly pricing and monthly billing
- OS agnostic
- Real-time collaboration
- Transparent history of incidents and outages
These characteristics speak to the security within the product, how scalable the solution is, the solution’s reliability, and how the solution will impact end user and IT productivity. Let’s take a closer look at some of these characteristics by seeing how they are emulated in the cloud native identity management provider – JumpCloud® Directory-as-a-Service®.
Since IT environments are moving towards using a variety of platforms and providers, a cloud native solution needs to be OS agnostic. JumpCloud offers system management for Mac, Linux, and Windows systems. So, with JumpCloud we don’t treat MacOS as a second class citizen in a Windows first world. Instead, both platforms receive strong support and IT managers are free to let the employee follow their preference or choose the system for them.
Public API’s are often indicative of strong security practices and they help automate processes. In the case of an identity provider, JumpCloud’s public API is critical to providing a real alternative to Active Directory. It’s also essential in moving forward with remote enabled and cloud native infrastructure while continuing to enjoy common enterprise controls of end user systems.
Self-service enables organizations to do more with less. JumpCloud’s self-service portal allows users to reset their own password without putting in a service desk ticket. Since we began using JumpCloud, we have nearly eliminated that class of ticket from our monthly ticket volume. This has allowed us to devote more time on higher priority initiatives, without having to hire more staff. We’re able to do more with less.
Monthly Pricing and Monthly Billing
Given that new solutions new and often better or cheaper solution arise nearly every month, it’s critical to consider the cost/benefits of making annual commitments to a service. Solutions that offer monthly pricing and billing are demonstrating that they are confident in their solution and will remain competitive without resting on an annual or multi year commitment. JumpCloud offers monthly pricing and billing, and an annual contract. Find more information about JumpCloud’s pricing here.
Securely Manage Native Cloud IT Infrastructure with JumpCloud
Most companies like ours who had Active Directory centered authentication and authorization infrastructure may not even know there’s an alternative. While there have been marginal alternatives, not until JumpCloud was there a cloud native solution that not only covers the minimum replacement needs of Active Directory, but goes beyond it. JumpCloud goes above and beyond by providing powerful DevOps like controls and an API that can be used to generate reports that Active Directory was never able to.