By Greg Keller Posted October 14, 2014
Directory-as-a-Service® is applicable to a number of organizations, but maybe not all. In this post, we’ll break down who should look at a unified cloud directory service and some organizations that just may want to pass on it.
Let’s start by explaining what a cloud-hosted directory service is. A cloud-based directory gives organizations the ability to authenticate, authorize, and manage users, devices, and applications. Said another way, Directory-as-a-Service creates the secure connections between employees and the IT resources – devices and applications – that they need. Further, it helps keep the organization secure by enforcing access control and policies through user and device control.
At JumpCloud®, our belief is that just about every company on the planet has a directory service – whether that is Microsoft Active Directory, OpenLDAP, or a pseudo directory like the Google Apps user store, virtually all organizations have a roster of their employees in some system. Further, as organizations grow in size, the need to have a single, secure directory of record becomes more critical – including controlling access, passing audits, and increasing security. Unfortunately, directory services are generally time consuming and expensive to implement, hard to manage, and difficult to keep secure.
This leads to the question: who should leverage a cloud-based directory? In short, most companies can leverage it effectively. However, some organizations simply cannot use a cloud-based system. For instance, some military installations and virtually all classified systems will not be allowed to use public cloud-based solutions. Very large enterprises with a number of systems tethered to their on-premise directory service through custom integration will find it difficult to switch completely to a cloud-based directory. They may, however, be able to use it for parts of their organization by mirroring their on-premise directory with a DaaS solution. Outside of those few examples, Directory-as-a-Service should be an interesting alternative for most other organizations.
Let’s take a look at the four major use cases of Directory-as-a-Service that can help us understand who may be interested in a cloud directory:
Hosted LDAP
A number of organizations use OpenLDAP for their directory. Generally, these are technical organizations or those with strong technical skills, and they are ideal candidates for hosted LDAP. Many of their admins and ops personnel are highly skilled, and managing LDAP becomes a time sink; by moving the LDAP instance to a SaaS-based solution, these employees could spend their time on higher-priority items instead. In fact, you should hear what LDAP co-inventor Tim Howes has to say about DaaS.
Mirroring of AD/LDAP/Google Apps
Companies that are leveraging cloud infrastructure – systems and applications such as infrastructure-as-a-service or managed services – are excellent candidates for a virtual identity provider. Most of them either manage user access manually through a configuration automation tool such as Chef or Puppet, or run their own OpenLDAP instance in the cloud. Either way, they are not leveraging their core user store, which translates into inefficiency as well as increased security risk. If you are leveraging cloud infrastructure and manually managing user access, you can off-load that task to a cloud-based directory.
Replacement of Active Directory
Many organizations struggle with the time and expense of Active Directory. As their organization becomes more diverse with Macs and Linux devices, AD loses a great deal of its allure. There are a number of organizations that were essentially “born in the cloud” where they are leveraging cloud-based services such as Google Apps, Microsoft Office 365, and others. As these organizations grow, they need a central directory service. Unfortunately, until Directory-as-a-Service, their only options were AD and OpenLDAP. These organizations are great candidates for a cloud-based directory.
The second group in this category is comprised of existing organizations that have moved to GApps or O365 but still have AD. They have one foot in each camp – one in the cloud and one on-prem. These organizations are excellent candidates to move completely to the cloud and leverage a virtual identity provider. Finally, there are also companies that are simply looking to remove their dependence on AD, Exchange, and domain controllers; they would prefer to be completely in the cloud. For these types of organizations, a DaaS service combined with GApps, O365, or other hosted email ends up being an excellent alternative.
Management of Macs like PCs
Including Mac devices and managing them as first-class citizens is critical for a number of organizations. Generally, these organizations are larger, are more concerned with security, and have significant Mac fleets. As mentioned earlier, a modern Identity-as-a-Service solution not only authenticates and authorizes users with their devices, but it also manages the devices.
Modern organizations that are leveraging the cloud are ideal candidates for SaaS directory services. IT admins at these companies know first-hand the challenges of managing access to cloud servers and infrastructure. Further, many of these companies are leveraging Google Apps, Office 365, and Macs, so they know all too well the pain of user and device management. The cloud era is an opportunity but also a significant risk for organizations. A modern directory delivered as a SaaS-based service capitalizes on the opportunity while decreasing risk for smart organizations.