How to Evaluate for a Universal Directory
Evaluating and ranking your options is always an important step to take before making a big decision. It’s even more important when your decision affects the entire organization, such as what cloud directory service best fits your needs. A directory service that doesn’t suit all of your organization’s needs can be a costly mistake, so every significant factor must be accounted for.
Critical Criteria for a Cloud Directory
When IT organizations are considering a cloud directory service, key criteria should stick out at the top of the list. These are often based on the organization’s experience using Microsoft® Active Directory® (AD), as it set the standard for all directory services that followed.
Some of those criteria are as follows:
Historically, access control was available only on-prem for Windows® users in Active Directory. Now, with all the new innovations and demands of IT, there are a host of tools that AD struggles to manage, such as:
- Web applications
- Cloud servers
- Physical file servers
- WiFi and VPN networks
- Non-Windows platforms such as Mac® and Linux®
One of the core benefits of a directory service is centralized management. If your directory can’t support access to all the IT resources your organization needs, you will have to use a variety of add-on solutions in tandem with each other, defeating the purpose of having a universal cloud directory in the first place.
System Policy Control
Active Directory did a wonderful job of policy enforcement on Windows machines through a feature called Group Policy Objects (GPO). However, now that a growing number of IT infrastructures are a mix of Mac, Linux, and Windows systems, it is important for a cloud directory to take a cross-platform approach to GPO-like functions. Without management capabilities of a mixed-platform environment, there’s a greater chance your organization’s compliance policy will be broken and you’ll have less control over critical assets in your network.
Group Membership and User Attributes
Automation in a directory service is critical. It cuts down on the time it takes to provision or deprovision access for users and reduces the chance for error in such processes when done manually.
By creating user attributes, the information that needs to be passed to applications and other IT resources becomes centralized. That information can then be used to determine which users belong to specific groups — or roles, as they’re sometimes called. Placing users into the correct groups/roles lets IT admins automate user access so that their time can be spent on more pressing matters.
Secure User Identities
Securing user identities and organizational data is a top priority for IT admins. The best cloud directory solutions give IT admins options on how to secure access via a variety of means for each network layer, including:
- Multi-factor authentication
- SSH key access for servers
- Password complexity management
Identities should also be stored after being one-way hashed and salted to bring security to a higher level. A directory service that doesn’t provide these or similar features could leave your organization vulnerable to security threats.
Choosing the Right Cloud Directory
As competition in the cloud directory space heats up, it’s important to start by documenting your key needs and requirements. By doing so, you will then be able to choose the best cloud identity provider for your organization.