Perhaps the single most significant innovation for IT over the last decade or two is the cloud.
As every IT organization thinks about how to leverage cloud infrastructure, there is a significant analysis and transformation that needs to happen in regards to its approach.
To truly leverage cloud technology, IT organizations need to think about their problems differently. While swapping an on-prem solution for a cloud version can be effective, it can be even more effective to challenge the fundamental underpinnings of a category. This approach is why IT admins are asking themselves, why move to cloud directory services?
Directory Services鈥 Early Days
When Tim Howes and his colleagues at the University of Michigan created the authentication protocol,聽LDAP, little did they know that they kicked off the modern era of identity management.
Before that, identity management was really a mixed bag of solutions and approaches. The concept of directory services then really solidified when Microsoft聽introduced Active Directory聽聽(MAD or AD) in 1999. LDAP and Active Directory worked well in conjunction to provide an enterprise with what would become the quintessential identity management solution.
Due to this, the concept of directory services has largely been driven by Microsoft.
Of course, this made a great deal of sense for a long time. Because Microsoft owned the desktop operating system with Windows庐, it made it easier for them to control the IT management tools space as well. Active Directory was foremost on this list, and has been, for almost two decades, the on-prem identity provider of necessity more than choice for an organization.
So, it鈥檚 no surprise that IT admins are reluctant to consider any Active Directory alternatives. In fact, Microsoft is looking to lock IT organizations in by creating a complementary solution called聽Azure聽Active Directory.听
Azure AD is an extension of the traditional on-prem Active Directory, but isn鈥檛 actually a cloud-based AD replacement (). In fact, Azure AD isn鈥檛 really a cloud directory service, but rather a user management platform for Azure infrastructure and Office 365鈩.
Smart IT organizations are still asking the question, why move to cloud directory services? They know that on-prem Active Directory isn鈥檛 a viable approach as the entire IT infrastructure shifts to the cloud. And, since Azure AD isn鈥檛 a replacement to AD, there are compelling reasons to move from Microsoft-based solutions into the cloud. But what cloud directory solutions are available to replace Active Directory?
Breaking Up with Active Directory
Before we dive into the reasons why a move to a cloud directory makes a great deal of sense, we need to hit reset on what the IT environment looks like today. In the past, IT was virtually all Windows-based, but today鈥檚 IT scene is dramatically different. With Mac庐 and Linux庐 systems, web applications, cloud infrastructure, and WiFi networks, it鈥檚 a far cry from the legacy AD days. These changes are rendering the on-prem identity provider obsolete and constraining IT organizations.
The modern approach to identity management鈥攖he cloud directory鈥攊s transformative for organizations by offering a vendor neutral, platform-agnostic approach. IT organizations are no longer reliant on a homogenous network to make their identity and access control program work. In fact, this ability to enable IT organizations to leverage whatever they want is a core reason why IT is shifting to a cloud directory along with cost, productivity, and security.
Choice
The legacy, on-prem identity provider virtually forced IT organizations into a homogenous network. End users weren鈥檛 encouraged to use whatever was best for them, rather it was to leverage what would integrate with Active Directory, since that was a major control point of the network. With a cloud directory service, organizations are free to choose whatever IT solutions are best for them.
For instance, according to聽Upland, a cloud directory service can provide authorization to 鈥渁ny system, anywhere, at anytime with one password for each user.鈥
A cloud directory service is platform independent, multi-protocol, provider neutral, and location agnostic. In short, IT delivers choice to their organization and the organization can leverage whatever IT resources are best for them.
Control
As the IT landscape shifted to non-Windows IT resources, Active Directory, and by extension IT admins, lost control. More and more IT resources were outside of the purview of AD.
Now, some organizations could leverage third party add-ons such as identity bridges,聽web application SSO solutions,聽and privileged identity management platforms on top of AD to gain the control that they needed, but this approach left a fragmented, disparate infrastructure with high cost, and security holes.
Before implementing their cloud directory service, for example,聽Doublestruck聽was experiencing 鈥渢he pain of having a bunch of systems all set up different ways for different users. Our end users were feeling that pain too.鈥 With a cloud directory service, however, they had a central point of control over virtually all users and IT resources. Cloud directory services allow IT admins to leverage one web-based console to control users and systems across the entire IT infrastructure.
Security
There may not be a more important security issue than protecting identities. Building in security at the foundation of the identity management strategy for an organization is critical. Every identity should have security built in with strong password complexity requirements,聽SSH keys for critical server access,聽multi-factor authentication to systems and applications, and more.
A cloud directory service 鈥渇illed that need right away鈥 for聽UPPAbaby聽when they needed to improve their password complexity. UPPAbaby and other IT organizations can feel confident that they are stepping up their identity security game, thanks to a cloud directory supports that initiative.
Productivity
Frictionless and frustration-free access is critical for end users today. More of their lives are spent with digital solutions trying to accomplish their tasks. Creating hurdles for these workers to access the IT resources they need is a hassle they simply don鈥檛 want. Neither does IT, it turns out.
Both end users and IT are searching for ways to make it easier to do their respective jobs, while also creating a safe, secure IT environment. A pain point where this is especially prevalent is onboarding, which can take up to a month at some companies.
After leveraging a cloud directory service,聽Tamr聽cut their onboarding time from multiple weeks to 鈥渕aybe 15 minutes a week tops.鈥 This is only one such area where cloud directories improve productivity. A cloud directory is focused on creating one identity for each person that connects them to virtually whatever IT resources they need.
Cost
An IT admin鈥檚 identity management shopping list is one that costs a significant amount of money. Major expenses include on-prem hardware, software, hosting, security, backup, and load balancing. Of course, that doesn鈥檛 even include the time that already busy IT admins are spending working on their on-prem identity management infrastructure.
About their cloud directory service,聽The Church Online聽said 鈥淟ooking forward, choosing [a cloud directory service] means that we won鈥檛 need to hire as many IT staff members as we continue to grow. The value is immense because of the time it saves.鈥 By outsourcing directory services, IT admins can save money and, perhaps more importantly, time.
Why Move to Cloud Directory Services?
As the IT landscape continues to transform, innovative approaches to existing tasks will emerge. It is critical that IT organizations delve deep and ask why before making the leap. In many instances, the shift may not make sense, but in some cases it can provide immediate gains. Please聽contact us聽and let us know if we can talk you through why moving to a cloud directory service can be a game changer for your organization.