By Vince Lujan Posted August 16, 2017
Identity security describes the proactive approach to safely controlling user and system information that is used to authenticate and authorize user identities for access to secure resources. It is an essential aspect of the identity and access management (IAM) space and serves as the cornerstone for security in any organization.
In-house identity security
Identity security has always been an important consideration for IT admins, which is why we have directory services like Active Directory® and OpenLDAP in the first place. Without an authoritative identity provider (IdP), each end user would be responsible for making sure their credentials are secure. Not only is this inefficient, but it would require that each user be adept in the best practices for securing identities. When you consider the most common passwords for 2016 were ‘12345’ and ‘password’, according to Time magazine, it’s easy to see how this approach is far less secure than extensively tested and proven solutions managed by security experts. Additionally, there would be no way to authenticate user identities to authorize access to the domain.
Active Directory solved this problem by implementing the concept of a domain controller — essentially the bouncer for your domain. Back when everything was on-prem, a server dedicated to authenticating and authorizing user identities and requests for access made a lot of sense. However, many admins are beginning to discover the limitations of traditional approaches to identity security as more and more infrastructure transitions to the cloud.
Why is identity security important?
Experience has taught us that identity security is the foundation for a secure IT infrastructure. The challenge is controlling the flow of information to allow for frictionless access for the right people while minimizing the risk from potential attackers. Shifting identities to the cloud has only added complexity to this balance.
As any admin will tell you, a compromised user identity can be devastating — especially when you consider the modern user identity is spread across a huge variety of resources. As a result, the thought of hosted identities makes a lot of admins uneasy. Yet, that won’t stop the world from moving to the cloud. So what is an IT admin to do in this new, uncharted territory?
Identity security in the cloud
Fortunately, the IAM market is exploding with new solutions aimed at securing cloud identities. What they don’t tell you is that most of them still require an on-prem directory service instance, typically Active Directory, to act as the authoritative IdP.
Directory-as-a-Service® is unique in that it serves as a comprehensive cloud replacement for your on-prem directory service with the power to centralize control throughout your domain. Think of it as the directory service for the cloud era, which provides platform-agnostic management for users and resources both on-prem and in the cloud.
Directory-as-a-Service utilizes multiple cryptographic functions to ensure that user credentials are entered and stored using the latest one-way hashing and salting techniques, and never stored or transmitted as plain text. Further, all data is encrypted at rest and in transit. We also encourage lengthy, complex passwords in conjunction with multi-factor authentication (MFA) to add layers of security at login. Admins can also utilize SSH keys as an alternative or in addition to customized security settings. Directory-as-a-Service provides these options so admins can apply various levels of security that are appropriate for different roles, groups, and their organization as a whole.
Admins can leverage secure identities to provision or restrict access to resources at an individual or group level, configure custom password complexity settings, run commands against individual systems or groups of systems, and much more. Users can then federate their core JumpCloud credentials to any number of resources like systems, applications, email, RADIUS, and much more — thus providing True Single Sign-On™ to any of their provisioned resources.
If you would like to learn more about how Directory-as-a-Service can secure your cloud identities, drop us a note. Alternatively, sign up for a free IDaaS account and see what a true cloud directory could be for you. Your first 10 users are free forever.