The 1200 baud modem was sweet in its day, but now we have broadband. The fax machine and beeper transformed businesses, but now we have smartphones, messaging apps, and near field communication. And while Active Directory is still used by 95 percent of the Fortune 500 today, with the rise of the cloud, it will soon be time to move Active Directory from the core to a legacy support system, and eventually to the trash bin.
According to a compilation by BetterCloud, Piper Jaffray predicts that in five years, one third of workloads will run in public clouds. Gartner has found that Google’s productivity suite is taking market share from Microsoft, predicting that by 2022, of 1.2 billion office suite business users, 695 million will rely on the cloud. My own conversations with today’s hottest start-ups all sound the same – these businesses are not managing files, email, and applications behind firewalls. It’s cheaper and faster to use apps like Egnyte, Dropbox, Huddle, BambooHR, and Marketo. In this new world, Active Directory functions poorly as an identity management solution.
For example, a recent client, a company with 15,000 employees in more than 2,000 locations, tried to roll out Office 365, but the administrators were completely overwhelmed by the complexity of using Active Directory Federation Services (AD FS) and had to seek an alternative solution designed with cloud identity management in mind. The complexity of extending Active Directory to the cloud slows IT deployments to a crawl. Born at a time (the 1990s!) when IT dictated every aspect of technology, this identity management solution hasn't kept pace with the new technologies organizations need to implement. For example, implementing single sign-on (SSO), a foundational component of identity management, typically requires a custom integration project that can take months to finish, even before adding essential features such as multi-factor authentication and rapid de-provisioning. And every time you add a new application into the mix, you have another integration project.
The move to the cloud should accelerate time to value and offload complexity, but mixing the cloud with Active Directory and AD FS doubles your investment in the past while you wait longer for the future.
Active Directory makes life more difficult for IT. The growing number and diversity of enterprise user communities and cloud applications puts pressure on IT to untangle a mountain of different security policies and authentication procedures. Managing all this in Active Directory, especially in today’s decentralized organizations, is incredibly time-consuming, leading to higher identity management costs and an overextended, discouraged IT department. Just getting a short-term contractor access to the right apps with the right entitlements can take hours or days, wasting precious time and money.
The move to the cloud should enable organizations to do more with less, but with Active Directory in the mix, it’s only IT that does more while business users do less.
Finally, relying on Active Directory in the age of easy-to-deploy cloud apps increases security risks by encouraging the rise of “shadow IT.” Users know how easy it is to sign up for cloud apps and begin using them, and facing their own pressure to perform, they have no patience with an IT department hampered by out-of-date tools, so they simply bypass IT. In fact, in our 2013 State of Cloud Application Access Survey, 71 percent of respondents admitted to using unsanctioned apps like Dropbox and Google Apps to get work done, while 44 percent said employees still manage passwords on sticky notes and spreadsheets.
The move to the cloud should never compromise network or data security. In fact, it can improve it dramatically, since cloud vendors endure security audits that would make many IT organizations crumble. Those audits, however, cover the vendor's own controls; who can sign in, with what entitlements, and how quickly access is revoked remains the customer's responsibility. Resting that responsibility atop Active Directory carries many hidden costs, such as the slow de-provisioning and unmanaged passwords described above, with only an illusion of security.
Active Directory gained popularity for a good reason, but it should now take an honored place in the Hall of Fame. While enterprises with a large Active Directory install base will require time to wean themselves from the solution, those companies that resist changing their identity management strategy because of inertia, product loyalty, or in-house expertise will find themselves less productive, less secure, less agile, and ultimately less competitive.
(David Meyer is VP of Product at OneLogin, a Real-Time Identity Management & Single Sign-On provider.)