Even as identity management providers have begun shifting chunks of the identity infrastructure to the SaaS model, directory services have remained the on-premises sacred cow until now. With so much enterprise legacy functionality tied up in Active Directory (AD) and LDAP, identity-as-a-service (IaaS) and single sign-on (SSO) for cloud applications have generally tried to work around the framework of cloud user management and authentication integrated into an on-premises AD or LDAP deployment for other enterprise applications.
"These services are not focused on being directories. They're not looking at being the central source of authoritative management of employees and devices," says Greg Keller, chief product officer for JumpCloud, a server orchestration and, now, cloud-based directory provider.
This week his firm hopes to blow open the directory model with one of the first market attempts at directory-as-a-service. But the big question is where the competition is. Why haven't other vendors tried to shift directories to a SaaS offering?
"As we've pushed hard on this, we keep looking over our shoulders wondering why anyone hasn't done this yet," says Keller. "Where are the dead bodies buried?"
According to analysts, a big part of it has to do with enterprise reticence to outsource such an integral piece of legacy infrastructure. As Derek Brink of Aberdeen Group explains, enterprises tend to send infrastructure functionality to the cloud when the activity in question might be important but not exactly strategic.
"If it's important and strategic, companies tend to hold on to it much more tightly. There's no doubt that directories are important; whether based on AD or LDAP, for most organizations they're the cornerstone for identities and access controls," he says. "The question of whether directories are strategic is perhaps up for debate. I happen to think they are. They play such a central role in what knowledge workers are trying to do all day long, day in and day out, which is access enterprise resources and data. Identities and access controls are just fundamental to doing that."
And that's not to mention the sheer amount of work it would take to convert legacy AD and LDAP deployments to the cloud.
"You need to hook into devices in a way they aren't used to, plus deal with network and latency issues," says Rich Mogull, analyst and CEO of Securosis. "It isn't as simple as deploying a directory server in the cloud."
As such, "enterprise is a tough nut" for a directory-as-a-service approach, Mogull says. This means that many potential vendors haven't wanted to touch it.
"Conceptually, this doesn't appeal to large enterprises, and many startups and investors are laser focused on that part of the market," he explains. "This is something that appeals a lot more once you go downmarket. Think about it -- if everyone goes to an office or two, it's harder to justify pushing your directory to the cloud. Someone like Securosis? Everyone works remote, so it is perfect."
But according to executives at JumpCloud, that downmarket opportunity offered plenty of incentive to act as first movers in the category.
"If you were to paint the persona of who we're going after, it is customers that have been born in the cloud and don't have any legacy baggage," Keller says. "They're moving quick, and their employee base is growing and have never had Exchange. And now their IT team has run smack dab into the wall of 'Oh, God, we need a directory. Gmail isn't cutting it anymore.'"