How a Cloud Directory Can Bring Order to Chaos

February 5th, 2016   /     /   product and technology, security and compliance

Employees are increasingly using cloud apps to do their jobs. The use of Active Directory (AD), which was originally created as a system for managing on-premise resources, is changing for a number of companies—especially startups who don’t have many, if any, on-premise resources. Although 90 percent of our clients aren’t startups and use our AD real time sync, if you aren’t already using AD, you might not need it. Sometimes the cloud directory can provide the benefits of business integrity you are looking for without having to add on-premise complexity.

The location of many resources is changing to the cloud, yet companies still need central management of those resources. Trying to maintain security and order in a chaotic free-for-all use of cloud apps and BYOD culture is like a black hole sucking in IT’s time—time they could be dedicating to other projects.

Benefits of a Cloud Directory

Using a cloud directory can bring order to the chaos without creating the undue complexity that comes with AD. A cloud directory is simple, fast, secure, and at the same time, provides flexibility and increased collaboration.

Simplicity

”In an era where business runs on Red Bull, Active Directory is old and bloated.”

Thomas Pedersen
CEO of OneLogin

A cloud directory introduces simplicity for both IT and end users. The IT department can once again manage all the resources employees use: hacking away at unessential duplicate accounts and preventing security risks. IT can use a cloud directory to automate app provisioning and deprovisioning, and easily map user roles to application role reducing a complex process into several clicks (Read why your company should automate app provisioning). Also, they wouldn’t have to spend resources having and maintaining on-site servers needed for AD either. That’s a lot of wins for IT.

The end user wins too; a cloud directory brings the simplicity of single-sign-on (SSO) for all employees. For example, OneLogin’s portal gives users one-click access to all their web apps in the cloud and behind the firewall.

Speed

Centralized management via Active Directory means one more hoop to jump through, delay, and downtimes for scheduled maintenance. Yet with a cloud directory, IT can maintain centralized management without causing any delay. Changes and updates to cloud app access can happen within seconds for any location and any device. And with the cloud directory backed by servers in multiple locations, there is no downtime.

SSO and automated provisioning also increase the speed at which employees can start using the resources they need to do their jobs.

Security

”OneLogin’s simple approach to SAML is giving us confidence to think about shifting from Active Directory altogether, something we just wouldn’t have done before.”

Collin Hachwi
IT Infrastructure Manager at DISYS

Usually security and complexity go hand-in-hand. So how does a cloud directory offer simplicity without sacrificing security?

Eliminating passwords

By eliminating passwords whenever possible through technology like SAML, phishing attacks and other password vulnerabilities are reduced. OneLogin also elegantly handles web applications that don’t support federation, using a technique known as password vaulting. Although not an actual physical vault, the mechanism by which vaulted passwords are stored has been extra hardened to protect them against unauthorized access.

Focusing on identity

Eliminating passwords allows OneLogin to focus on identity. Additionally, multi-factor authentication and other security policies increases the likelihood that the person logging into an application is the person they say they are. You can be confident the connection between the user’s identity—that we’ve rigorously verified—and app access is accurate.

Providing audit reports

Through auditing, OneLogin knows when a user has accessed an app, which provides a higher level of security for shared applications.

Flexibility

”You’re going to need to be able to access all of your work—your data and your applications—no matter what device you’re on or where you’re at. OneLogin allows that to happen seamlessly.”

Gary Graeff
IT Group Manager at Steelcase

Because IT can log and view access audits and enforce multi-factor authentication and other security policies, employees have the flexibility to use cloud applications that might otherwise create too high of a security risk as well as use those applications from their phones, tablets, laptops at home, the local coffee shop, library, hotel etc.

Security policies can be created to allow a user on-premise to launch an application without any passwords, but for off-site access to the same application they will be required to use two-factor authentication.

Collaboration

Using a cloud directory is a lot like driving on the freeway and SSO is the on-ramp for employees accessing the apps they need to be productive. When employees can work without being on different roads where red lights of invalid passwords and app sign-ups slow them down—in addition to the flexibility of accessing apps from various devices in various locations—increased collaboration happens.

Whether or not you have AD, if your company is using cloud apps, it should also be using a cloud directory. If you are using Active Directory, check out our AD Integration whitepaper and see how easy it is (five minutes easy) to integrate. If you aren’t using AD, don’t sweat it, a cloud directory may be all you need.

No more black holes eating up IT’s time and no more red lights slowing down productivity. Try using a cloud directory today with a free demo of OneLogin.

About the Author

Dan Rampe is OneLogin’s Director of Global Communications and PR. He has 20+ years hands-on and strategic expertise in public relations, analyst relations, corporate communications, social media, and digital and content marketing in Fortune 500 and start-up environments. Dan takes delight as a company builder and creative storyteller with a focus on SaaS, security, Identity and Access Management (IAM), mobile, authentication, single sign-on (SSO), Identity-as-a-Service (IDaaS) and Internet of Things. When not at work you can often find Dan rock climbing in Yosemite, the Sierra Nevada and points beyond.

View all posts by Dan Rampe