Perhaps the single most significant innovation for IT over the last decade or two is the cloud.
As every IT organization thinks about how to leverage cloud infrastructure, there is a significant analysis and transformation that needs to happen in regards to its approach.
To truly leverage cloud technology, IT organizations need to think about their problems differently. While swapping an on-prem solution for a cloud version can be effective, it can be even more effective to challenge the fundamental underpinnings of a category. This approach is why IT admins are asking themselves, why move to cloud directory services?
Directory Services’ Early Days
When Tim Howes and his colleagues at the University of Michigan created the authentication protocol, LDAP, little did they know that they kicked off the modern era of identity management. Before that, identity management was really a mixed bag of solutions and approaches. The concept of directory services then really solidified when Microsoft® introduced Active Directory® (MAD or AD) in 1999. LDAP and Active Directory worked well in conjunction to provide an enterprise with what would become the quintessential identity management solution. Due to this, the concept of directory services has largely been driven by Microsoft.
Of course, this made a great deal of sense for a long time. Because Microsoft owned the desktop operating system with Windows®, it made it easier for them to control the IT management tools space as well. Active Directory was foremost on this list, and has been, for almost two decades, the on-prem identity provider of necessity more than choice for an organization.
So, it’s no surprise that IT admins are reluctant to consider any Active Directory alternatives. In fact, Microsoft is looking to lock IT organizations in by creating a complementary solution called Azure® Active Directory. Azure AD is an extension of the traditional on-prem Active Directory, but isn’t actually a cloud-based AD replacement (Spiceworks). In fact, Azure AD isn’t really a cloud directory service, but rather a user management platform for Azure infrastructure and Office 365™.
Smart IT organizations are still asking the question, why move to cloud directory services? They know that on-prem Active Directory isn’t a viable approach as the entire IT infrastructure shifts to the cloud. And, since Azure AD isn’t a replacement to AD, there are compelling reasons to move from Microsoft-based solutions into the cloud. But what cloud directory solutions are available to replace Active Directory?
Breaking Up with Active Directory
Before we dive into the reasons why a move to a cloud directory makes a great deal of sense, we need to hit reset on what the IT environment looks like today. In the past, IT was virtually all Windows-based, but today’s IT scene is dramatically different. With Mac® and Linux® systems, web applications, cloud infrastructure, and WiFi networks, it’s a far cry from the legacy AD days. These changes are rendering the on-prem identity provider obsolete and constraining IT organizations.
The modern approach to identity management—the cloud directory—is transformative for organizations by offering a vendor neutral, platform-agnostic approach. IT organizations are no longer reliant on a homogenous network to make their identity and access control program work. In fact, this ability to enable IT organizations to leverage whatever they want is a core reason why IT is shifting to a cloud directory along with cost, productivity, and security.
The legacy, on-prem identity provider virtually forced IT organizations into a homogenous network. End users weren’t encouraged to use whatever was best for them, rather it was to leverage what would integrate with Active Directory, since that was a major control point of the network. With a cloud directory service, organizations are free to choose whatever IT solutions are best for them. For instance, according to Upland, a cloud directory service can provide authorization to “any system, anywhere, at anytime with one password for each user.” A cloud directory service is platform independent, multi-protocol, provider neutral, and location agnostic. In short, IT delivers choice to their organization and the organization can leverage whatever IT resources are best for them.
As the IT landscape shifted to non-Windows IT resources, Active Directory, and by extension IT admins, lost control. More and more IT resources were outside of the purview of AD. Now, some organizations could leverage third party add-ons such as identity bridges, web application SSO solutions, and privileged identity management platforms on top of AD to gain the control that they needed, but this approach left a fragmented, disparate infrastructure with high cost, and security holes. Before implementing their cloud directory service, for example, Doublestruck was experiencing “the pain of having a bunch of systems all set up different ways for different users. Our end users were feeling that pain too.” With a cloud directory service, however, they had a central point of control over virtually all users and IT resources. Cloud directory services allow IT admins to leverage one web-based console to control users and systems across the entire IT infrastructure.
There may not be a more important security issue than protecting identities. Building in security at the foundation of the identity management strategy for an organization is critical. Every identity should have security built in with strong password complexity requirements, SSH keys for critical server access, multi-factor authentication to systems and applications, and more. A cloud directory service “filled that need right away” for UPPAbaby when they needed to improve their password complexity. UPPAbaby and other IT organizations can feel confident that they are stepping up their identity security game, thanks to a cloud directory supports that initiative.
Frictionless and frustration-free access is critical for end users today. More of their lives are spent with digital solutions trying to accomplish their tasks. Creating hurdles for these workers to access the IT resources they need is a hassle they simply don’t want. Neither does IT, it turns out. Both end users and IT are searching for ways to make it easier to do their respective jobs, while also creating a safe, secure IT environment. A pain point where this is especially prevalent is onboarding, which can take up to a month at some companies. After leveraging a cloud directory service, Tamr cut their onboarding time from multiple weeks to “maybe 15 minutes a week tops.” This is only one such area where cloud directories improve productivity. A cloud directory is focused on creating one identity for each person that connects them to virtually whatever IT resources they need.
An IT admin’s identity management shopping list is one that costs a significant amount of money. Major expenses include on-prem hardware, software, hosting, security, backup, and load balancing. Of course, that doesn’t even include the time that already busy IT admins are spending working on their on-prem identity management infrastructure. About their cloud directory service, The Church Online said “Looking forward, choosing [a cloud directory service] means that we won’t need to hire as many IT staff members as we continue to grow. The value is immense because of the time it saves.” By outsourcing directory services, IT admins can save money and, perhaps more importantly, time.
Why Move to Cloud Directory Services?
As the IT landscape continues to transform, innovative approaches to existing tasks will emerge. It is critical that IT organizations delve deep and ask why before making the leap. In many instances, the shift may not make sense, but in some cases it can provide immediate gains. Please contact us and let us know if we can talk you through why moving to a cloud directory service can be a game changer for your organization.