Over the last two decades, the leading directory service, Microsoft Active Directory (MAD or AD), has focused on supporting on-prem, Windows®-centric environments. Even as the cloud matured, SaaS apps flooded the market, and Mac® and Linux® systems exploded in use, AD has been slow to adopt a more open, cloud-forward approach.
This lack of flexibility has come at a high price. The more different resources there are, the more difficult it is to control and secure them. In order to maintain efficiency and agility, many directors of IT have had to shell out more money for add-on identity management solutions (e.g. SSO, MDM, identity bridges).
Fortunately, a next-gen directory service has recently emerged that takes a more modern approach by integrating with virtually any IT resource regardless of protocol, platform, provider, and location. It’s an open directory service.
Many IT organizations are intrigued by such an approach and are very interested in the business case for the open directory. To be clear, their interest is not in Apple Open Directory, which happens to go by the same name. Rather, the open directory that is outlined in this post is a directory service that is flexible instead of homogeneous. This concept will be discussed in greater detail here shortly, as well as why an adaptive directory is a game changer.
First, though, let’s take a step back and look at how changes in the IT landscape have led to the predicament many IT admins find themselves in today.
Background
Active Directory and the IT Landscape
Directory services, as most know them today, got their “true” start in a broad commercial sense in 1999 when Microsoft released Active Directory. AD was built to help IT admins simplify identity management for their 100% Microsoft environments, which were the norm for most at the time. With AD at their side, IT admins could easily manage user access to networks, systems, applications, and file storage. However, Microsoft wasn’t alone in producing a technological wonder that year.
In that same year, Salesforce® emerged—one of the early applications based on the Software-as-a-Service (SaaS) model. Soon after, many more web-based applications followed in Salesforce’s footsteps. The thing is, Active Directory wasn’t built to manage this type of resource. So, IT admins found themselves managing users in Active Directory, and then also managing identities in each individual application.
Fortunately, in 2001, single sign-on (SSO) providers emerged to help by federating AD identities to web-based applications. It was progress, but IT admins still found themselves needing to manage user access in multiple solutions. Of course, the problem only compounded as the decade unfolded. AWS® surfaced in 2006 and eliminated on-prem data centers. The iPhone® emerged in 2007, creating with it a newfound appreciation for Mac systems. Then, as the years went on, RADIUS grew in importance as remote work became increasingly popular. With each change in the IT landscape, AD experienced a new point of inadequacy and needed assistance from third-party providers.
Today, IT admins are managing a host of software solutions that include:
- Directory Services
- SSO
- MDM
- RADIUS
- Identity Bridges
- MFA
- VPNs
- Governance
IT admins have gone from managing identities in one solution to managing them in at least 8 different types of software, and that doesn’t even include infrastructure components like cloud servers and each individual application. In most cases, this setup has taken a toll on budgets, time, control, security, and agility.
The world of IT has moved away from the on-prem, Windows-centric world, but Active Directory simply hasn’t. Thankfully, now there is an open directory service that is offering a different take on identity management.
What is an Open Directory Service?
Also known as JumpCloud® Directory-as-a-Service®, an open directory doesn’t limit the types of IT resources it will support. Instead, it is adaptive. It is capable of integrating with any resource regardless of who it’s from, where it is and what protocols and platforms the resource leverages. This means IT organizations only need one solution to securely connect users to everything they need to do their job. Such a tool in one’s IT arsenal can significantly improve productivity, agility, security, and control, all the while reducing costs.
Conversely, cloud identity management doesn’t require any on-prem hardware or software, so organizations can truly go all cloud. It also inherently supports legacy and web-based applications, physical and virtual file storage, wired and wireless networks, and Mac, Linux, and Windows systems. This lends itself well to IT organizations who are looking to optimize user and system management, improve the end user workflow, strengthen security, and use the best tools available. It’s why cloud identity management should be a priority.
What is the Business Case for the Open Directory?
Costs are reduced
An open directory service reduces costs in a couple of different ways. Instead of paying for 8 different solutions or more, you pay one price with JumpCloud’s open directory service, and you acquire extensive functionality to boot, like SSO, cross-platform system management, RADIUS, MFA, and so much more. With only one solution to navigate for all user management, an IT admin is able to make better use of their time and apply more focus on tasks like improving network efficiencies.
Next, labor costs are better spent in regards to IT staff and end users. Did you know that 76% of users are regularly locked out of their accounts due to password issues, and that 20-50% of IT support tickets are related to password resets? Did you also know that poor identity management leads to the average user managing and typing out 154 credentials a month?
In a single year, the seconds it takes to complete this task amount to the following for one user:
- 7.2 hours
- $196.56 in labor costs *
In an organization with 1,000 end users, that adds up to:
- 7,200 hours
- $196,560 in labor costs **
*Bureau of Labor Statistics: $27.30 average hourly wage; $27.30 x 7.2 hrs = $196.56
** $27.30 x 7,200 = $196,560
On top of that, it costs an average of $70 in IT labor costs to address a password reset. By the time the 1,000th password reset rolls around, an organization will have spent $70,000. An open directory reduces these costs by providing users with one set of credentials they can use to authenticate to everything. This significantly reduces forgotten passwords, the lockout delays that happen as a result, and the number of IT support tickets directly related to password resets. It’s a win for everyone.
Lastly, since the nimble directory service is entirely cloud-based, IT organizations don’t have to budget for servers, storage, hosting, monitoring, and the costs that come with resiliency and redundancy. Authentication is a 100% uptime business, so it’s labor intensive and expensive to maintain. The open directory service eliminates the need for on-prem hardware and shoulders the responsibility of 100% uptime. So, organizations just have to budget for the fee to use the service and the minutes it takes to manage users and systems within the platform.
Agility is Fostered
Choice is powerful, especially where technology is concerned, and an open directory service enables organizations to adopt the technology that’s the right fit for them. Are you getting a great deal on cloud file storage from Google? Or does your organization use Windows Home instead of Windows Pro? Whatever the case may be, an adaptive directory service will be there waiting to help securely connect users to those IT resources.
This adaptive nature also means that the directory service is future proof. Technology changes fast, so just because one app works well now, doesn’t mean it will be the best option a year later. Regardless, an open directory makes it possible to adapt a digital tool set accordingly without sacrificing security and efficiency. In the long run, this will encourage the various groups and departments in an organization to partner with IT admins because they will recognize that their prosperity is a priority for IT. Consequently, IT admins can worry less about shadow IT.
Security and Control are Maintained
Reduced shadow IT means sysadmins have widespread visibility and control over all the users and resources in the environment. This is ideal because it strengthens security, offers more opportunities to integrate applications, and prevents siloed data. With 6.3 million records being stolen every day, bolstered security in particular is top of mind for all organizations. Since 81% of data breaches have been the result of weak or stolen passwords, identity security is paramount, and a flexible identity provider partners with IT organizations to protect their user identities. IT admins are able to centrally enforce effective identity security features like multi-factor authentication (MFA), password complexity management, and SSH key authentication. Next, adaptive directory services offer policy management for Windows, Mac, and Linux systems. With a couple of clicks, sysadmins can remotely set security policies to ensure Full Disk Encryption is enabled, systems screen lock in a certain amount of time, and so much more. IT admins won’t just think their users and systems are secure, they’ll know they are.
Efficiency is Abundant
A cloud directory service that can support almost all digital tools enables IT admins to trade many of their ad hoc processes for automated ones. Company hiring a new marketing guru that’s starting tomorrow? No worries. In a matter of minutes, it’s possible to provision that new hire to all of the IT resources that they need to do their job, from day one. IT admins no longer have to dedicate hours to onboarding users, and new hires no longer have to wait weeks before they can start contributing meaningfully.
It may seem obvious, but users are more productive when they can use the best tools available.
Take SaaS applications for example:
- 86% of end-users report SaaS apps help them succeed more than desktop alternatives.
They experience the following:
- 50% fewer emails
- 30% fewer scheduled meetings
(Source: BetterCloud)
Instead of spending so much time communicating about the work they desire to accomplish, they can spend more time actually completing their work.
The business case for the open directory is clear: it promotes prosperity for the entire organization. From reduced costs and enhanced agility to heightened security and increased efficiency, an adaptive directory service offers profound advantages for the modern workplace.
Discover More About JumpCloud’s Open Directory Service
Are you intrigued by the business case for the open directory? There are a few paths you can take to continue your research. Discover how JumpCloud’s open identity provider has impacted organizations around the globe by browsing the case studies above. Interested in seeing the cloud directory service in action? Sign up for our free, full access account or inquire about a demo. If you are ready to have a conversation with one of our technical experts, please drop us a note.