By Vince Lujan Posted December 11, 2017
Securing identities has become a critical factor in the overall security posture for modern organizations, especially as more resources are being delivered from the cloud than ever before. Virtual Identity Security describes the practice of protecting user identities that access cloud-based and on-prem IT resources.
The cloud can be highly secure, but only if the correct tools and methodologies are implemented. Attackers know that most organizations leverage virtual identities to authenticate and authorize access to critical resources and information. They also know that once they are in, they can cause irreparable damage.
That is why it is absolutely imperative that organizations stay ahead of the curve when it comes to virtual identity security.
Identity Security in the Beginning
The concept of identity security is nothing new. IT developers recognized the need for a mechanism to authenticate and authorize user identities very early on, which is why we have directory services like Microsoft Active Directory® and OpenLDAP.
Active Directory and OpenLDAP have been the go-to options for managing and securing user identities for decades now. The trouble is they were designed before the cloud came into existence. Therefore, their approaches to virtual identity security are inherently outdated.
Virtual Identity Security with Active Directory & OpenLDAP
Active Directory is focused on protecting on-prem Windows systems and identities. However, it offers little support for Mac and Linux.
Of course, this wasn’t an issue back when Windows was the only show in town. Nevertheless, the IT world has grown to include macOS and Linux systems. The result is that Active Directory is now only a partial solution to a bigger problem, and the lack of management capabilities for these systems presents virtual identity security risks.
OpenLDAP offers a somewhat more OS-agnostic approach to virtual identity security. The challenge is that it leans heavily on the know-how of the IT admin who is responsible for implementation and maintenance. This is because OpenLDAP is an open source directory service that must be built from the ground up and configured granularly.
The result is that OpenLDAP implementations are highly error-prone. Considering the fact that attackers only need one way into a network whereas IT admins must protect every possible avenue of attack, it is easy to argue that virtual identity security is best left to the experts.
Virtual Identity Security with Directory-as-a-Service®
In an age of highly sophisticated attacks, Active Directory and OpenLDAP just won’t do. Instead, organizations should consider a modern virtual identity security system that is designed for the cloud era.
Directory-as-a-Service was born from the cloud, and has grown up with the utmost respect for virtual identity security. As a result, the best practices for virtual identity security are foundational to the JumpCloud platform, rather than third-party add-ons to legacy solutions like AD and OpenLDAP.
Directory-as-a-Service leverages only the most secure protocols and best practices for securing identities, such as virtual LDAP, True Single Sign-On™, web applications via SAML2, multi-factor authentication (MFA) at a system and application level, SSH keys, and WiFi authentication via RADIUS, to name a few.
IT admins can also leverage the JumpCloud administrator console to control virtual identities and systems to provision access to any number of resources regardless of platform (e.g. Windows, Mac, Linux), vendor (e.g. AWS, GCP, O365), or location (both on-prem and in the cloud).
They can deploy commands and set policies on any number of systems and users that govern things like password complexity settings, screen lock timeout, disabling USB ports, and much more to come. IT admins can even pull event data by leveraging the JumpCloud API. Yet, perhaps most importantly, they can revoke access to any user at any time with the click of a button.
Learn More about Virtual Identity Security with JumpCloud
To learn more about how Directory-as-a-Service can help with virtual identity security in your organization, drop us a note. You can also sign up and start securing your virtual identities today. Your first ten users are free forever.