What’s a Real Cloud-Based Directory?

By Rajat Bhargava Posted September 21, 2015


As the cloud directory services space heats up, a number of vendors will come out with claims that their solution is a cloud-based directory. But how do we separate the real deal from the “poser” directories, the offerings that aren’t a complete solution?

This topic gets at the heart of what a directory service is and how it works when delivered as a cloud-based solution. There are six major criteria of a cloud-based directory that IT admins should pay attention to:

Hosted in the Cloud 

Although it should be obvious that a cloud-based directory should be hosted in the cloud, some vendors will try to tell you that their “cloud” directory requires an on-premises user store to sync with. A cloud-based directory should stand alone in the cloud and deliver all of its functionality from the cloud. Having an on-premises copy that syncs to the cloud is, well, an on-premises directory!

Machine Authentication 

A core part of directory services is the ability to authenticate devices. But there are a number of vendors in the space that believe that devices aren’t a critical aspect of directory services. Their thinking goes that as more organizations leverage the cloud, cloud applications (not devices) are what really matter.

While there is a significant movement to the cloud, it is important to remember that the devices that access those cloud-based resources are part of the chain. A compromise in one link can cascade to the Web-based applications. For that reason, machine authentication should occur for all major device platforms. Just authenticating Windows® devices does not make a cloud-based directory.

Machine Management 

Another essential part of on-premises directory services is machine management. This requires executing policies to secure the device. Microsoft® Active Directory® has done it for over 15 years, and now cloud-based directories are doing it in the cloud for all platforms. Top cloud-based directories ensure tight policies and control over not just Windows devices, but Mac and Linux machines as well.

SaaS-based application integration 

Integrating with a whole category of solutions that manage access to SaaS-based applications is another critical element of a cloud-based directory. Because of this, several single sign-on providers have emerged over the last decade to manage a single point of access to Web applications. These SSO providers need credentials for each user and they can get those from a cloud-based directory service.

On-Premises Apps (LDAP)

A cloud-based directory can’t only work in the cloud. Many organizations have legacy devices and applications that are located on-premises. Some of these applications will connect to a directory via LDAP. While there are many new authentication protocols in use on the Web, LDAP is still a staple protocol that any cloud-based directory service must support.

WiFi Integration 

As networks go wireless, organizations face the risk that weak security will lead to a compromise. WiFi networks need to be supported through a directory service. Requiring users to authenticate with their corporate credentials is a significant step up over just an SSID and passphrase. A cloud-based directory needs to leverage RADIUS to connect back to an organization’s WiFi infrastructure.

Separating Posers from Real Cloud-Based Directories

IT organizations should look carefully at claims of being a cloud-based directory. Create a list of the core attributes that you need in your directory services and ensure that your solution can get you there. A cloud-based directory that forces you to purchase multiple directory products isn’t really a cloud directory!

Drop us a note if you have any questions around cloud-based directory services. We’d be happy to chat with you.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
