By Greg Keller Posted February 16, 2016
User management may be the most critical task in IT, because it’s the most challenging yet vital task in the cloud era. IT admins must securely connect users to the IT resources they need, independent of location and device.
Today’s organizations live on data. That data is produced, consumed, and exported from applications and devices all across the world. The issue for IT is how to control who has access to what, and when. As privacy laws and the amount of confidential information increase, user management control is becoming more complex. Traditionally, organizations have leveraged on-premises user management systems, but with the industry’s move to the cloud, virtual user management platforms are now leading the way as the secure solution.
Then: On-Premises Walled Directory Services
Historically, user management systems included directory services solutions, such as Microsoft Active Directory and the open source solution OpenLDAP. These solutions worked as a central user data store for identities and what those identities could access. Generally, the users and the systems were on-premises, or they were connected securely through a private network. IT had control over the complete environment, since the environment was contained. Users could be provisioned, terminated, or modified within the safety of the on-premises network. If a user wanted to use the system illegitimately, they had to be on-premises. In this regard, physical proximity offered another layer of safety.
Traditional On-Premises Directories No Longer Suffice
That was then. Nowadays, the cloud has forced us to acknowledge that the traditional model for user management won’t suffice. Credentials are still needed within the network, but they’re also needed outside it. Moreover, those credentials are most often used outside the network, where traditional models of user management cannot reach. What’s more, every application has its own set of credentials. Cloud infrastructure, such as cloud servers, also needs its users managed. The legacy model of an on-premises identity provider lacks the flexibility and security to work successfully in this new cloud-based world.
Now: Virtual User Management Solutions
So, what’s the answer then? How can you securely manage all credentials and users? A cloud-hosted, virtual user management platform is the answer. Often called Identity-as-a-Service (IaaS) or Directory-as-a-Service (DaaS), these solutions offer one core difference from on-premises or other cloud-based user directories: they are platform, device, and application agnostic. That is, Directory-as-a-Service leverages a variety of protocols, including LDAP, SAML, RADIUS, and SSH, to natively connect to IT resources. Additionally, users are authenticated, often using multi-factor authentication, and authorized as appropriate based on groups, permissions, or their credentials.
Directory-as-a-Service Offers Centralized User Control
The core benefit of using Directory-as-a-Service is that IT organizations have one central, virtual user management system that can be used to control access to a wide variety of IT resources. In fact, this approach to centralizing user access resembles True Single Sign-On, rather than the oft-mentioned web application SSO providers. One set of credentials can be used to integrate systems, on-premises and web applications, and the WiFi network. A single user creation or termination event can propagate through to numerous IT resources.
A virtual user management platform can be a key part of an organization’s identity and access control strategy. To learn more about how Directory-as-a-Service can help, drop us a note. Or give JumpCloud’s DaaS a try for yourself. Your first 10 users are free forever.