While the cloud makes setting up servers simple, it complicates matters significantly for managing users. IT pros have been managing users within an organization for decades. With Microsoft’s Active Directory (AD) or OpenLDAP, the management of users is straightforward on premises and consistent on a day-to-day basis. That is, it’s largely manageable if you are just Windows, but unmanageable in a mixed-platform environment. The challenge has been the difficulty of setting up and managing AD, which is clearly an enterprise-scale solution. The cloud has introduced a whole new paradigm with extreme speed, elasticity, and automation, rendering existing methods of identity management largely useless.
The cloud is built for speed and agility with the ability to burst up and tear down instances in seconds and based on automated inputs such as application load or traffic. The old school directory services model was not built for the rapid changes possible in the cloud. Steps in user management were deliberate and manual. Admins can no longer be involved in every step. They need identity management systems that can handle the scale and dynamic nature of the cloud.
No Clear User Directory Service
With users and IT resources potentially all around the world, what directory service do they talk to? And how can they be kept secure? Many companies utilizing the cloud are using Google Apps and/or Microsoft Office 365. Neither Google Apps, nor Office 365, nor Microsoft’s Active Directory, the leading on-premises directory service, inherently support creating user accounts across cloud servers at, say, AWS or Digital Ocean.
While Google Apps can be utilized as a user data store, any of that connective code needs to be provided by the organization to have those users populated on a server. Active Directory or LDAP is a little easier. However, the complexity of running central directory services across multiple clouds makes it a non-starter in a multi-cloud environment. Most organizations have just opted to manually recreate their users on servers or within another tool rather than trying to integrate Google Apps / Office 365 or AD / OpenLDAP. This lack of integration is a significant loss of productivity for DevOps and IT pros.
Multiple Providers And Platforms
The days of geographic centralization and a homogeneous platform are long gone. Today, cloud servers can be placed anywhere in the world. Sometimes, organizations have little control over where the cloud provider places their server. Further, Linux has grown exponentially over the years as a cost-effective server platform. Consequently, organizations are no longer reliant on solely Microsoft solutions. The variability in providers and platforms adds another dimension of complexity to the directory services equation. In addition, your authentication infrastructure needs to be as cloud-scalable as the rest of your environment. Accomplishing that is very expensive and requires highly specialized skills.
The largely forgotten step of user management, monitoring of user access, is made all the more difficult with cloud servers. With servers in any number of locations, different platforms, and ephemeral instances, how do admins collect all of the user logs, centralize them, and then analyze the results? Even if they are able to do that, how will they be able to accurately detect real compromises from false alarms if they have a mobile workforce?
The Answer Is One Identity To Rule Them All®
The cloud has effectively blown up the standard operating models of user management. Drop us a note to learn more about how Directory-as-a-Service® from JumpCloud® can solve your user management issues in the cloud.