By Rajat Bhargava Posted September 21, 2015
As the cloud directory services space heats up, a number of vendors will come out with claims that their solution is a cloud-based directory. But how do we separate the real deal from offerings that aren’t complete solutions, the “poser” directories?
This topic gets at the heart of what a directory service is and how it works when delivered as a cloud-based solution. There are six major criteria of a cloud-based directory that IT admins should pay attention to:
Hosted in the Cloud
Although it should be obvious that a cloud-based directory should be hosted in the cloud, some vendors will try to tell you that their “cloud” directory requires an on-premises user store to sync with. A cloud-based directory should stand alone in the cloud, with all of its functionality delivered from the cloud. Having an on-premises copy that syncs to the cloud is, well, an on-premises directory!
Device Authentication
A core part of directory services is the ability to authenticate devices. But a number of vendors in the space believe that devices aren’t a critical aspect of directory services. Their thinking goes that as more organizations leverage the cloud, cloud applications (not devices) are what really matter.
While there is a significant movement to the cloud, it is important to remember that the devices that access those cloud-based resources are part of the chain. A compromise in one link can cascade to the Web-based applications. For that reason, machine authentication should occur for all major device platforms. Just authenticating Windows® devices does not make a cloud-based directory.
Device Management
Another essential part of on-premises directory services is machine management: executing policies that secure the device. Microsoft® Active Directory® has done it for over 15 years, and now cloud-based directories are doing it in the cloud for all platforms. Top cloud-based directories ensure tight policies and control over not just Windows devices, but Mac and Linux machines as well.
SaaS-Based Application Integration
Integrating with the whole category of solutions that manage access to SaaS-based applications is another critical element of a cloud-based directory. Several single sign-on providers have emerged over the last decade to manage a single point of access to Web applications. These SSO providers need credentials for each user, and they can get those from a cloud-based directory service.
On-Premise Apps (LDAP)
A cloud-based directory can’t work only in the cloud. Many organizations have legacy devices and applications that are located on-premises, and some of these applications connect to a directory via LDAP. While there are many newer authentication protocols in use on the Web, LDAP is still a staple protocol that any cloud-based directory service must support.
WiFi Networks (RADIUS)
As networks go wireless, organizations risk a compromise through weak WiFi security. WiFi networks need to be supported through a directory service: requiring users to authenticate with their corporate credentials is a significant step up over just an SSID and a passphrase. A cloud-based directory needs to leverage RADIUS to connect back to an organization’s WiFi infrastructure.
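What an on-premises application actually sends when it authenticates a user over LDAP is a simple bind: a message ID, the protocol version, the user's DN and the password, BER-encoded. The following is an added example, not code from the original post or from any directory vendor; it hand-encodes an LDAP v3 simple BindRequest, parses it on a constructed "directory" side, and returns a BindResponse, so you can see the bytes on the wire. The DN, password and directory contents are constructed, and the result codes are the standard ones from RFC 4511.

```python
# Added example (not from the original post): LDAP v3 simple bind, BER-encoded
# by hand on the client side and decoded on a constructed directory side.
SUCCESS, INVALID_CREDENTIALS, UNWILLING_TO_PERFORM = 0, 49, 53  # RFC 4511 result codes

def ber_len(n):
    """BER length octets: short form below 128, long form (0x80 | count, then bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(v):
    """Non-negative INTEGER; the extra leading zero byte keeps the sign bit clear."""
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def read_tlv(data, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def build_simple_bind(message_id, dn, password):
    """LDAPMessage { messageID, [APPLICATION 0] BindRequest { version 3, dn, simple [0] password } }"""
    bind = tlv(0x60, ber_int(3) + tlv(0x04, dn) + tlv(0x80, password))
    return tlv(0x30, ber_int(message_id) + bind)

def parse_simple_bind(packet):
    tag, msg, _ = read_tlv(packet, 0)
    assert tag == 0x30, "not an LDAPMessage"
    _, mid, pos = read_tlv(msg, 0)
    op_tag, op, _ = read_tlv(msg, pos)
    assert op_tag == 0x60, "not a BindRequest"
    _, version, pos = read_tlv(op, 0)
    _, dn, pos = read_tlv(op, pos)
    auth_tag, password, _ = read_tlv(op, pos)
    assert auth_tag == 0x80, "only simple authentication is handled here"
    return {"message_id": int.from_bytes(mid, "big"),
            "version": int.from_bytes(version, "big"), "dn": dn, "password": password}

def build_bind_response(message_id, result_code, diagnostic=b""):
    """[APPLICATION 1] BindResponse { resultCode ENUMERATED, matchedDN, diagnosticMessage }"""
    body = tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, diagnostic)
    return tlv(0x30, ber_int(message_id) + tlv(0x61, body))

def handle_bind(packet, directory):
    """Directory side. `directory` is a constructed DN -> password map standing in
    for a real server's hashed credential store."""
    req = parse_simple_bind(packet)
    if not req["dn"] and not req["password"]:
        return build_bind_response(req["message_id"], SUCCESS)  # anonymous bind: no identity granted
    if not req["password"]:
        # RFC 4513 5.1.2: a DN with an empty password is an "unauthenticated bind";
        # treating it as success is a classic misconfiguration, so refuse it.
        return build_bind_response(req["message_id"], UNWILLING_TO_PERFORM, b"unauthenticated bind refused")
    ok = directory.get(req["dn"]) == req["password"]
    return build_bind_response(req["message_id"], SUCCESS if ok else INVALID_CREDENTIALS)

def result_code(response):
    _, msg, _ = read_tlv(response, 0)
    _, _, pos = read_tlv(msg, 0)   # messageID
    _, op, _ = read_tlv(msg, pos)  # BindResponse
    _, code, _ = read_tlv(op, 0)   # resultCode
    return code[0]

def bind(dn, password, directory, message_id=1):
    """Run one client/server round trip and return the LDAP result code."""
    return result_code(handle_bind(build_simple_bind(message_id, dn, password), directory))

DIRECTORY = {b"uid=alice,ou=people,dc=example,dc=com": b"constructed-password"}  # constructed

if __name__ == "__main__":
    dn = b"uid=alice,ou=people,dc=example,dc=com"
    pkt = build_simple_bind(1, dn, b"constructed-password")
    print("bind result code:", bind(dn, b"constructed-password", DIRECTORY))
    print("password readable on the wire without TLS:", b"constructed-password" in pkt)
```

Two things worth noticing when you run it: the password is a plain OCTET STRING inside the request, which is why a directory service that exposes LDAP to on-premises applications must do so over LDAPS or StartTLS; and a bind with a DN but an empty password is not a failed login but an "unauthenticated bind", which a correctly configured server refuses rather than reporting success.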
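The "connect back via RADIUS" step is an Access-Request from the access point (the NAS) carrying the user's credential, answered by an Access-Accept or Access-Reject that the NAS must verify before it lets the client onto the network. The following is an added example, not code from the original post or from any vendor's product: it builds the Access-Request, hides the User-Password attribute exactly as RFC 2865 prescribes (MD5 of the shared secret chained with the Request Authenticator), answers it from a constructed "directory", and checks the Response Authenticator on the way back. The shared secret, usernames and passwords are constructed values.

```python
# Added example (not from the original post): a RADIUS PAP exchange between a NAS
# and a directory-backed RADIUS server, both sides implemented here with stdlib only.
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; a 16-byte Authenticator follows

def attribute(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def parse_attributes(data):
    attrs, pos = {}, 0
    while pos + 2 <= len(data):
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("malformed attribute")
        attrs[attr_type] = data[pos + 2:pos + length]
        pos += length
    return attrs

def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: pad to 16-byte blocks; XOR each with MD5(secret + previous block),
    where the "previous block" for the first block is the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        hidden, prev = hidden + block, block
    return hidden

def reveal_password(hidden, secret, request_auth):
    plain, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return plain.rstrip(b"\x00")

def build_access_request(identifier, username, password, secret, request_auth):
    attrs = attribute(ATTR_USER_NAME, username) + \
            attribute(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
    return HEADER.pack(ACCESS_REQUEST, identifier, 20 + len(attrs)) + request_auth + attrs

def response_authenticator(code, identifier, attrs, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    return hashlib.md5(HEADER.pack(code, identifier, 20 + len(attrs))
                       + request_auth + attrs + secret).digest()

def handle_access_request(packet, secret, directory):
    """Server side: recover the password and check it against the directory.
    `directory` is a constructed user -> password map standing in for the real lookup."""
    code, identifier, length = HEADER.unpack(packet[:4])
    request_auth = packet[4:20]
    attrs = parse_attributes(packet[20:length])
    user = attrs.get(ATTR_USER_NAME)
    password = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request_auth)
    ok = code == ACCESS_REQUEST and user is not None and directory.get(user) == password
    resp_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return HEADER.pack(resp_code, identifier, 20) + \
           response_authenticator(resp_code, identifier, b"", request_auth, secret)

def verify_response(response, request, secret):
    """NAS side: trust the verdict only if the Response Authenticator matches our
    request and was computed with the shared secret."""
    code, identifier, length = HEADER.unpack(response[:4])
    expected = response_authenticator(code, identifier, response[20:length], request[4:20], secret)
    return identifier == request[1] and hmac.compare_digest(response[4:20], expected)

def authenticate(username, password, secret, directory, server_secret=None):
    """Whole exchange. `server_secret` lets you simulate a mis-keyed or rogue server."""
    request_auth = os.urandom(16)  # must be unpredictable: it keys the password hiding
    request = build_access_request(0x2A, username, password, secret, request_auth)
    response = handle_access_request(request, secret if server_secret is None else server_secret, directory)
    if not verify_response(response, request, secret):
        return False               # unverifiable reply: never act on an Access-Accept
    return response[0] == ACCESS_ACCEPT

SECRET = b"constructed-shared-secret"                       # constructed
DIRECTORY = {b"alice": b"correct horse battery staple"}    # constructed

if __name__ == "__main__":
    print("alice, right password:", authenticate(b"alice", b"correct horse battery staple", SECRET, DIRECTORY))
    print("alice, wrong password:", authenticate(b"alice", b"nope", SECRET, DIRECTORY))
    print("server with other secret:", authenticate(b"alice", b"correct horse battery staple", SECRET, DIRECTORY, b"other"))
```

Enterprise WiFi usually carries the credential inside EAP (802.1X) rather than in a User-Password attribute, but the packet framing, the Identifier matching and the Response Authenticator check are the same. The example makes the defender's point concrete: the password hiding is only as strong as the shared secret, and a NAS that does not verify the Response Authenticator cannot tell a genuine Access-Accept from a forged one.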
Separating Posers from Real Cloud-Based Directories
IT organizations should look carefully at claims of being a cloud-based directory. Create a list of the core attributes that you need in your directory services and ensure that your solution can get you there. A cloud-based directory that forces you to purchase multiple directory products isn’t really a cloud directory!