Dark Reading is part of the Informa Tech Division of Informa PLC

Comments
Active Directory Is Dead: 3 Reasons
haglt,
User Rank: Apprentice
4/16/2014 | 7:47:22 AM
Re: What's the alternative
@Mr. Pedersen

You said it pretty clear: you are targeting startups... which is ok but I am afraid at some point the Startup gets serious and that is the point where Cloud Services tend to stop being the best solution.

Here's some questions for you:

- How would you Authenticate while being offline?
- What's your opinion on Functional Groups vs. single user access rights?
- How to grant File Access without deep manipulation on the Server side?

And that does not even take into account the various requirements that different businesses like Banks or Governments have, let alone the (insane) Data-Security requirements in Europe or High Availability scenarios.

Sure, AD has some shortcomings but saying it is not able to be handled efficiently means you are not aware of the dramatic improvements in PowerShell. People already propose to manage Software Defined Data Centers through PowerShell and System Center. I agree that this could have been available for much longer but that's how it is.

What's the Alternative?
I don't think we need one. What we need is an online extension that adapts all kinds of Cloud Service and DOES NOT STOP AT AUTHENTICATION.

What would really be required is a general API to tell Cloud Services how I want them to offer their Services managed by AD... But with Private Customers and Startups as Target Audience that will barely happen...oh wait... the bigger players in the Market already head that way... and Amazon and MS are some of them...

Don't get me wrong. I agree with the statement that AD asks for Experts but that is due to the possibility to adapt to custom requirements that you do not have when using Cloud Services.

Prove me wrong...PLEASE!
But until you do please stop planting unrealistic Ideas in the Heads of Managers.
vremenar,
User Rank: Apprentice
4/16/2014 | 2:17:35 AM
Re: What's the alternative
You actually think you can get away with "Active Directory Is Dead. Buy my solution!"

Oh, let me keep all my employees' accounts on OneLogin that one day might have a "Heartbleed-like" bug. Hmm, that does sound like a good idea. Thanks but no thanks.
jrdepriest,
User Rank: Apprentice
4/15/2014 | 4:40:56 PM
You've been drinking your own Kool Aid
You are out of your mind.

AD isn't dead and will likely be a foundation of access control for smart organizations for a long time.

Why?
  1. AD is extensible. You have an app that needs fields not supported in AD? It can add them with a schema change.
  2. AD is compatible. Tell me an easier way to get Kerberos, LDAP/LDAPS, centralized and distributed access control, all of it with well-developed GUI and command-line controls included in the price of the OS.
  3. AD is everywhere. Microsoft servers rule big old enterprises. Every server plugs right into it.
  4. AD is useful. AD + GPO + SCCM means you can control just about every single aspect of any Windows system in the domain down to what icons show up in the Start menu or whether you can change the system time. And you can keep them fully patched for Microsoft products and 3rd party apps.

AD may be out of here in 10 years or 20 years, but it's kicking strong right now. Heck, you can fully manage Windows 8.1 tablets with AD now. That's Microsoft moving right into the spaces you are talking about.

The cloud is great if it can be tied back to AD because that's what your large customers are going to be using.

Yes, I remember NetWare being the software everybody used. I remember thinking it would never go away and Microsoft's AD would never take off.

They won because they gave it away with every server they sold.

Can you compete with free and competent?
Marilyn Cohodas,
User Rank: Strategist
4/15/2014 | 3:25:59 PM
Your experience integrating AD with cloud apps?
It's interesting to read the views of all the defenders of AD and the bashers of someone who predicts its demise. But what about the question Thomas put out to the security community in his blog? He asked: 
  • What has been your experience integrating AD successfully with your cloud apps? 
  • What have been your biggest challenges, and
  • What have been the biggest gaps?

Let's hear some success stories in the comments.
boconnor@henryscheinvet.com,
User Rank: Apprentice
4/15/2014 | 1:54:26 PM
Don't count Microsoft out yet
Your article has some merit, calling out the aging Active Directory, but you seem to base the premise on the 1990's technology (I will agree the foot in the door was Exchange 5.5 on directory management, but AD was released in 2000, not the 1990s). I believe Microsoft has updated Active Directory a few times since then. Even discounting the upgrades, assuming they don't amount to enough, Microsoft has recently shifted their own focus to cloud and services. If you think major changes in AD, or even a totally new model, are not forthcoming I think that might be a bit short-sighted. And honestly with a start-up today I would rather still use Office 365, with Exchange on-line and OneDrive all connected to my one Microsoft account, than Google.

And Google only has a stock valuation 9 times higher than G.E. If you look at their balance sheets and income statements I think it might show a different picture, but the stock market is more than 50% perception, and less real business savvy. I bet if you did a traditional asset minus liability count on Google (not including asset amounts leveraged with debt) people would be surprised at the stock value. I could be wrong I suppose, but Google doesn't seem to 'sell' anything (for a profit anyway), oh, except somehow making bajillions on advertising...somehow...
TerryB,
User Rank: Ninja
4/15/2014 | 1:29:35 PM
Re: What's the alternative
I'm waiting to see your answer to @Marilyn, Thomas.

Your use examples talk about new startups, of which 70-90% fail anyway. Cloud does make a lot of sense in that case; why would you implement your own Exchange server right out of the gate? Then your service makes some sense.

But what about the hundreds or thousands of established businesses with on-premise infrastructure in place? You really think we are going to chuck it all and pay rent so we can move to the cloud?

We can run our systems which support our manufacturing under AD when our internet connection is down. Let me know when that can be said of the cloud and your identity service.
MauriceB786,
User Rank: Apprentice
4/15/2014 | 12:07:20 PM
Re: What's the alternative
I may have worded that poorly.

I meant what value-add is it?

What can it do that I can't?

This is speaking as someone well-versed in automation, AD, and generally making people say "I didn't know it could do that."



I'm generally leery when someone asserts that any one product can solve all problems.

So of course there will be edge cases that aren't within a reasonable scope for spending developer cycles on, but are those cases in that category because there wasn't sufficient documentation out there saying, "Hey ADFS can do _____".

Or the admin didn't know to look for it?
Thomas B. Pedersen,
User Rank: Author
4/15/2014 | 11:58:27 AM
Re: What's the alternative
Maurice,

You hit the nail on the head right there. A decently resourced IT team can accomplish anything, but do you really want to throw resources at all problems or would you rather leverage commercially available solutions that can automate and streamline your processes?

We talk to a ton of companies about their identity management challenges and a common theme is that they don't want to invest more resources in configuring ADFS (Active Directory Federation Services). Not only is ADFS unreasonably complex, but it also does not solve most of the problems they are struggling with, such as:
  • User provisioning
  • Multi-factor authentication
  • Password reset
  • Apps that don't support federation
  • Easy-to-use SSO portals that increase productivity

The conversation is just as much about business agility and focusing on your core competences. It's a hyper competitive business environment and you can't be an identity laggard and stay competitive.

Thomas
Marilyn Cohodas,
User Rank: Strategist
4/15/2014 | 11:50:31 AM
Re: What's the alternative
Incidentally I'm putting as an open challenge, Mr. Pedersen, that your product doesn't do anything that a decently resourced IT team can't.

@MauriceB786
What are the specific things that you believe a cloud-based identity management solution can't do that Active Directory does?
Thomas B. Pedersen,
User Rank: Author
4/15/2014 | 11:28:58 AM
Re: What's the alternative
Maurice,

While our stack (Rails, Postgres, Ubuntu) is open-source, OneLogin has been written from the ground up by us. We don't use any larger open-source components for our identity functionality.

Thomas