Operations

9/23/2014
06:15 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

Are Directories The On-Premises Sacred Cow?

As a server orchestration startup reengineers itself into a directory-as-a-service play, the question is why the market hasn't moved to say goodbye to Active Directory and LDAP.

Even as identity management providers have begun shifting chunks of the identity infrastructure to the SaaS model, directory services have remained the on-premises sacred cow until now. With so much enterprise legacy functionality tied up in Active Directory (AD) and LDAP, identity-as-a-service (IaaS) and single sign-on (SSO) for cloud applications have generally tried to work around the framework of cloud user management and authentication integrated into an on-premises AD or LDAP deployment for other enterprise applications.

"These services are not focused on being directories. They're not looking at being the central source of authoritative management of employees and devices," says Greg Keller, chief product officer for JumpCloud, a server orchestration and, now, cloud-based directory provider.

This week his firm hopes to blow open the directory model with one of the first market attempts at directory-as-a-service. But the big question is where the competition is. Why haven't other vendors tried to shift directories to a SaaS offering?

"As we've pushed hard on this, we keep looking over our shoulders wondering why anyone hasn't done this yet," says Keller. "Where are the dead bodies buried?"

According to analysts, a big part of it has to do with enterprise reticence to outsource such an integral piece of legacy infrastructure. As Derek Brink of Aberdeen Group explains, enterprises tend to send infrastructure functionality to the cloud when the activity in question might be important but not exactly strategic.

"If it's important and strategic, companies tend to hold on to it much more tightly. There's no doubt that directories are important; whether based on AD or LDAP, for most organizations they're the cornerstone for identities and access controls," he says. "The question of whether directories are strategic is perhaps up for debate. I happen to think they are. They play such a central role in what knowledge workers are trying to do all day long, day in and day out, which is access enterprise resources and data. Identities and access controls are just fundamental to doing that."

And that's not to mention the sheer amount of work it would take to convert legacy AD and LDAP deployments to the cloud.

"You need to hook into devices in a way they aren't used to, plus deal with network and latency issues," says Rich Mogull, analyst and CEO of Securosis. "It isn't as simple as deploying a directory server in the cloud."

As such, "enterprise is a tough nut" for a directory-as-a-service approach, Mogull says. This means that many potential vendors haven't wanted to touch it.

"Conceptually, this doesn't appeal to large enterprises, and many startups and investors are laser focused on that part of the market," he explains. "This is something that appeals a lot more once you go downmarket. Think about it -- if everyone goes to an office or two, it's harder to justify pushing your directory to the cloud. Someone like Securosis? Everyone works remote, so it is perfect."

But according to executives at JumpCloud, that downmarket opportunity offered plenty of incentive to act as first movers in the category.

"If you were to paint the persona of who we're going after, it is customers that have been born in the cloud and don't have any legacy baggage," Keller says. "They're moving quick, and their employee base is growing and have never had Exchange. And now their IT team has run smack dab into the wall of 'Oh, God, we need a directory. Gmail isn't cutting it anymore.'"

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11350
PUBLISHED: 2019-04-19
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.
CVE-2019-11351
PUBLISHED: 2019-04-19
TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.
CVE-2019-2039
PUBLISHED: 2019-04-19
In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1...
CVE-2019-2040
PUBLISHED: 2019-04-19
In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Androi...
CVE-2019-2041
PUBLISHED: 2019-04-19
In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Produc...