Increasingly, institutions are making the transition to the cloud.[xiii] There are a host of both advantages and disadvantages to making this jump – and the primary environment in question is a large factor in making this decision.
The major benefit of shifting web applications and services to cloud hosting is the ability to easily expand existing IT infrastructure, or to add an entirely new variant of that infrastructure. Despite this benefit, price can become a major issue when determining the true return on investment.
Additional questions to consider when evaluating a cloud-based solution for Identity and Service Management are where the user database is located, how it is secured, and how each method will affect local or government compliance requirements.
Where are my users stored?
No matter the local environment – there needs to be a user repository for authentication and identity management. Choosing Active Directory provides various options for implementing this database in systems that integrate cloud computing either fully or only as part of the existing environment.
Local Active Directory database storage comes with a dedicated hardware and maintenance cost – but it also allows for another level of security. While local, on-premises hosting of Active Directory keeps the upkeep and service costs in-house, it also enables the owner of the directory to implement a higher level of access control and security.
Additionally, a specific compliance regime may require that a user repository be hosted locally rather than in the cloud. Active Directory allows for flexibility in that regard.
Microsoft Azure Active Directory is the cloud-based iteration of Active Directory. This model hosts the entire directory in a multi-tenant, cloud-based directory for identity and access management.[xiv] Hosting the directory in this manner allows for simple, easy integration with existing SaaS applications and services – Microsoft or otherwise.
Much like locally hosted Active Directory, Azure AD also supports SSO and 2FA functionality.
The Hybrid Approach
If aspects of both the cloud-based and the on-premises approach to Active Directory and Identity Management seem worth considering – Active Directory also lends itself to a hybrid approach. There are two common variations of a hybrid hosting situation: Active Directory hosted locally with access control to cloud apps, or hosting a private cloud.
Locally Hosted AD with Cloud App Integration
This method allows an organization to meet its security and compliance requirements by keeping user data and login information on dedicated, local servers, while benefiting from the convenience and cost savings of hosting all applications in the cloud. A cloud-based Identity Provider then reaches Active Directory over a secure network connection or tunnel before granting users access to the applications hosted elsewhere.
Hosting a private cloud with Active Directory on a dedicated server is another way to go. This method is not as far-ranging as true cloud computing, but it enables certain organizations to maintain the security of knowing exactly where user information is stored. For auditing and compliance purposes – this added security and convenience serves as a plausible alternative to entrusting the entirety of their user data to an unseen location with minimal transparency about replication and access limitations.