By Rajat Bhargava Posted February 2, 2016
Before the turn of the century, an organization’s IT infrastructure was behind the firewall. This allowed IT to control all aspects of it. As example: If a new application needed to be implemented, it was done through IT. If laptops or desktops needed to be purchased, the equipment were procured by IT. Servers were placed in either the on-premises data center or their collocated space. The network perimeter was alive and well. To ensure traffic was safe, IT would place firewalls and ingress and egress points. Because virtually all IT assets were behind the firewall, an identity management program could easily connect to and manage resources.
Erosion of the Network Perimeter
Then at the turn of the century, the network perimeter started to erode with the introduction of cloud-based services. Salesforce was one of the earliest players to shift solutions to the cloud with their CRM product. Sales and marketing data started to live outside of the organization’s four walls. Amazon Web Services (AWS) showing up in the mid-2000s drastically changed the network and created a whole separate infrastructure outside of an organization. Then, Google Apps furthered that by pushing email and documents out to the cloud. The floodgates were, metaphorically, open. The result pained IT: Users became more mobile and leveraged different platforms. Employees purchased applications to solve virtually every problem. Few of those applications lived on-premises.
IT struggled to keep up. With resources all over the world, on different platforms, and being controlled by employees rather than IT, you could say it was chaos. Mainly because IT didn’t even know what was in use within the organization. Nor did they have a way to manage, support, and control the assets. Their IT systems were still made for a different era, when everything was on-premises. With the cloud dominating, the identity management infrastructure was archaic, needing to be on-premise and managed onsite.
Introduction of Directory-as-a-Service
Historically, IT organizations have utilized on-premises directory solutions, such as Microsoft Active Directory or OpenLDAP. Both of these solutions were created during the era of a hard network perimeter. Because of that, IT was held back from being able to control and manage IaaS, SaaS solutions, mobile workers, and more.
Nowadays, the network perimeter is an ethereal concept rather than a reality. With WiFi infrastructure leading on-premises networks and little to no equipment stored onsite, the perimeter is each endpoint. The current challenge for IT is connecting all of the disparate users and endpoints to all the IT resources they need. Cloud-based IT resources come in all flavors and sizes, which causes IT to struggle to leverage legacy directories as the mechanism to connect users to these innovative, new resources.
The vanishing perimeter has been a catalyst in creating a new generation of cloud-based directory services, known as Directory-as-a-Service (DaaS). This central, cloud-based user management system connects users to whatever resources they need, including devices, applications, and networks, regardless of their location and the authentication protocol they leverage. In short, DaaS creates a secure network of connections from a user to all IT resources, without the presumption of an internal network. It’s a brilliant way to leverage the next generation of cloud technology while still maintaining control and security over IT resources.