Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:15 PM
Connect Directly

Are Directories The On-Premises Sacred Cow?

As a server orchestration startup reengineers itself into a directory-as-a-service play, the question is why the market hasn't moved to say goodbye to Active Directory and LDAP.

Even as identity management providers have begun shifting chunks of the identity infrastructure to the SaaS model, directory services have remained the on-premises sacred cow until now. With so much enterprise legacy functionality tied up in Active Directory (AD) and LDAP, identity-as-a-service (IaaS) and single sign-on (SSO) for cloud applications have generally tried to work around the framework of cloud user management and authentication integrated into an on-premises AD or LDAP deployment for other enterprise applications.

"These services are not focused on being directories. They're not looking at being the central source of authoritative management of employees and devices," says Greg Keller, chief product officer for JumpCloud, a server orchestration and, now, cloud-based directory provider.

This week his firm hopes to blow open the directory model with one of the first market attempts at directory-as-a-service. But the big question is where the competition is. Why haven't other vendors tried to shift directories to a SaaS offering?

"As we've pushed hard on this, we keep looking over our shoulders wondering why anyone hasn't done this yet," says Keller. "Where are the dead bodies buried?"

According to analysts, a big part of it has to do with enterprise reticence to outsource such an integral piece of legacy infrastructure. As Derek Brink of Aberdeen Group explains, enterprises tend to send infrastructure functionality to the cloud when the activity in question might be important but not exactly strategic.

"If it's important and strategic, companies tend to hold on to it much more tightly. There's no doubt that directories are important; whether based on AD or LDAP, for most organizations they're the cornerstone for identities and access controls," he says. "The question of whether directories are strategic is perhaps up for debate. I happen to think they are. They play such a central role in what knowledge workers are trying to do all day long, day in and day out, which is access enterprise resources and data. Identities and access controls are just fundamental to doing that."

And that's not to mention the sheer amount of work it would take to convert legacy AD and LDAP deployments to the cloud.

"You need to hook into devices in a way they aren't used to, plus deal with network and latency issues," says Rich Mogull, analyst and CEO of Securosis. "It isn't as simple as deploying a directory server in the cloud."

As such, "enterprise is a tough nut" for a directory-as-a-service approach, Mogull says. This means that many potential vendors haven't wanted to touch it.

"Conceptually, this doesn't appeal to large enterprises, and many startups and investors are laser focused on that part of the market," he explains. "This is something that appeals a lot more once you go downmarket. Think about it -- if everyone goes to an office or two, it's harder to justify pushing your directory to the cloud. Someone like Securosis? Everyone works remote, so it is perfect."

But according to executives at JumpCloud, that downmarket opportunity offered plenty of incentive to act as first movers in the category.

"If you were to paint the persona of who we're going after, it is customers that have been born in the cloud and don't have any legacy baggage," Keller says. "They're moving quick, and their employee base is growing and have never had Exchange. And now their IT team has run smack dab into the wall of 'Oh, God, we need a directory. Gmail isn't cutting it anymore.'"

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/22/2019
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark Reading,  8/22/2019
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
Kelly Sheridan, Staff Editor, Dark Reading,  8/21/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-08-23
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
PUBLISHED: 2019-08-23
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
PUBLISHED: 2019-08-23
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.
PUBLISHED: 2019-08-23
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this im...
PUBLISHED: 2019-08-23
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.