Are Directories The On-Premises Sacred Cow?Are Directories The On-Premises Sacred Cow?
As a server orchestration startup reengineers itself into a directory-as-a-service play, the question is why the market hasn't moved to say goodbye to Active Directory and LDAP.
September 23, 2014
Even as identity management providers have begun shifting chunks of the identity infrastructure to the SaaS model, directory services have remained the on-premises sacred cow until now. With so much enterprise legacy functionality tied up in Active Directory (AD) and LDAP, identity-as-a-service (IaaS) and single sign-on (SSO) for cloud applications have generally tried to work around the framework of cloud user management and authentication integrated into an on-premises AD or LDAP deployment for other enterprise applications.
"These services are not focused on being directories. They're not looking at being the central source of authoritative management of employees and devices," says Greg Keller, chief product officer for JumpCloud, a server orchestration and, now, cloud-based directory provider.
This week his firm hopes to blow open the directory model with one of the first market attempts at directory-as-a-service. But the big question is where the competition is. Why haven't other vendors tried to shift directories to a SaaS offering?
"As we've pushed hard on this, we keep looking over our shoulders wondering why anyone hasn't done this yet," says Keller. "Where are the dead bodies buried?"
According to analysts, a big part of it has to do with enterprise reticence to outsource such an integral piece of legacy infrastructure. As Derek Brink of Aberdeen Group explains, enterprises tend to send infrastructure functionality to the cloud when the activity in question might be important but not exactly strategic.
"If it's important and strategic, companies tend to hold on to it much more tightly. There's no doubt that directories are important; whether based on AD or LDAP, for most organizations they're the cornerstone for identities and access controls," he says. "The question of whether directories are strategic is perhaps up for debate. I happen to think they are. They play such a central role in what knowledge workers are trying to do all day long, day in and day out, which is access enterprise resources and data. Identities and access controls are just fundamental to doing that."
And that's not to mention the sheer amount of work it would take to convert legacy AD and LDAP deployments to the cloud.
"You need to hook into devices in a way they aren't used to, plus deal with network and latency issues," says Rich Mogull, analyst and CEO of Securosis. "It isn't as simple as deploying a directory server in the cloud."
As such, "enterprise is a tough nut" for a directory-as-a-service approach, Mogull says. This means that many potential vendors haven't wanted to touch it.
"Conceptually, this doesn't appeal to large enterprises, and many startups and investors are laser focused on that part of the market," he explains. "This is something that appeals a lot more once you go downmarket. Think about it -- if everyone goes to an office or two, it's harder to justify pushing your directory to the cloud. Someone like Securosis? Everyone works remote, so it is perfect."
But according to executives at JumpCloud, that downmarket opportunity offered plenty of incentive to act as first movers in the category.
"If you were to paint the persona of who we're going after, it is customers that have been born in the cloud and don't have any legacy baggage," Keller says. "They're moving quick, and their employee base is growing and have never had Exchange. And now their IT team has run smack dab into the wall of 'Oh, God, we need a directory. Gmail isn't cutting it anymore.'"
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Burnout Breach: How employee burnout is emerging as the next frontier in cybersecurity
Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums
5 Reasons To Move your PKI Deployment to the Cloud