Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:15 PM
Connect Directly

Are Directories The On-Premises Sacred Cow?

As a server orchestration startup reengineers itself into a directory-as-a-service play, the question is why the market hasn't moved to say goodbye to Active Directory and LDAP.

Even as identity management providers have begun shifting chunks of the identity infrastructure to the SaaS model, directory services have remained the on-premises sacred cow until now. With so much enterprise legacy functionality tied up in Active Directory (AD) and LDAP, identity-as-a-service (IaaS) and single sign-on (SSO) for cloud applications have generally tried to work around the framework of cloud user management and authentication integrated into an on-premises AD or LDAP deployment for other enterprise applications.

"These services are not focused on being directories. They're not looking at being the central source of authoritative management of employees and devices," says Greg Keller, chief product officer for JumpCloud, a server orchestration and, now, cloud-based directory provider.

This week his firm hopes to blow open the directory model with one of the first market attempts at directory-as-a-service. But the big question is where the competition is. Why haven't other vendors tried to shift directories to a SaaS offering?

"As we've pushed hard on this, we keep looking over our shoulders wondering why anyone hasn't done this yet," says Keller. "Where are the dead bodies buried?"

According to analysts, a big part of it has to do with enterprise reticence to outsource such an integral piece of legacy infrastructure. As Derek Brink of Aberdeen Group explains, enterprises tend to send infrastructure functionality to the cloud when the activity in question might be important but not exactly strategic.

"If it's important and strategic, companies tend to hold on to it much more tightly. There's no doubt that directories are important; whether based on AD or LDAP, for most organizations they're the cornerstone for identities and access controls," he says. "The question of whether directories are strategic is perhaps up for debate. I happen to think they are. They play such a central role in what knowledge workers are trying to do all day long, day in and day out, which is access enterprise resources and data. Identities and access controls are just fundamental to doing that."

And that's not to mention the sheer amount of work it would take to convert legacy AD and LDAP deployments to the cloud.

"You need to hook into devices in a way they aren't used to, plus deal with network and latency issues," says Rich Mogull, analyst and CEO of Securosis. "It isn't as simple as deploying a directory server in the cloud."

As such, "enterprise is a tough nut" for a directory-as-a-service approach, Mogull says. This means that many potential vendors haven't wanted to touch it.

"Conceptually, this doesn't appeal to large enterprises, and many startups and investors are laser focused on that part of the market," he explains. "This is something that appeals a lot more once you go downmarket. Think about it -- if everyone goes to an office or two, it's harder to justify pushing your directory to the cloud. Someone like Securosis? Everyone works remote, so it is perfect."

But according to executives at JumpCloud, that downmarket opportunity offered plenty of incentive to act as first movers in the category.

"If you were to paint the persona of who we're going after, it is customers that have been born in the cloud and don't have any legacy baggage," Keller says. "They're moving quick, and their employee base is growing and have never had Exchange. And now their IT team has run smack dab into the wall of 'Oh, God, we need a directory. Gmail isn't cutting it anymore.'"

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-02-25
Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor.
PUBLISHED: 2020-02-25
LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user.
PUBLISHED: 2020-02-25
The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description.
PUBLISHED: 2020-02-25
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been ...
PUBLISHED: 2020-02-25
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.