In the mad rush to the cloud we’ve already got SaaS (software, security or storage as a service), PaaS (platform as a service), IaaS (infrastructure as a service), CaaS (communications as a service), NaaS (network as a service), MaaS (monitoring as a service) and even “XaaS” (everything and anything as a service).
What’s next? Directories, those cumbersome-but-necessary databases of users, hardware and other network resources companies use to manage who gets access to which corporate services. At least that’s the vision of JumpCloud, which is extending its cloud-based data center management capabilities with a Directory as a Service (DaaS).
JumpCloud’s pitch is that it’s way too expensive and complicated to host and manage directories in-house, especially Microsoft’s Active Directory (AD). The rival Lightweight Directory Access Protocol has its own complexities, says Rajat Bhargava, JumpCloud’s President and CEO, requiring extensive knowledge of the Linux kernel and finding tools for point-and-click management.
Why not, JumpCloud argues, outsource directory services to JumpCloud, using what it claims are its simpler management tools and its links between on-premise AD or LDAP directories and infrastructure as a service providers such as Amazon?
The pricing is certainly attractive, at $10 per user per month (with the first ten users free forever). Chief Product Officer Greg Keller says JumpCloud makes it easier to extend user accounts to the cloud through its ability to mirror AD data to managed hosting services. It also offers agent-based authentication on devices to reduce the IT management load, “while enabling the customer to authenticate and authorize users with cloud infrastructure, IT applications and multiple device types,” the company said.
Another target audience, it says, is companies that have ditched Microsoft Exchange in favor of Gmail, but must still use AD to manage their users, devices and applications.
Onwards the Federation
In the background is the promise of federated identity, in which companies can easily manage user identities whether they’re accessing apps and data in an internal data center or in the cloud. JumpCloud’s aim is not to provide such federated identity as a service but to provide “One directory to rule them all,” a single authoritative source of information that replaces, or at least augments, either AD or LDAP, feeding identity credentials to other components within the enterprise infrastructure.
While JumpCloud’s directory is proprietary, it uses industry-standard interfaces to connect to a wide range of directories and other IT infrastructure. Because it allows AD to be hosted in the cloud rather than a corporate data center, it promises to provide the anywhere, anytime access users require, and remove the complexity of mirroring AD data to a directory server at each corporate location. If a user is out of Internet range, JumpCloud’s local agent stores encrypted credentials so the user can log onto their own device, and access any of the apps or data stored on it.
JumpCloud also claims to solve an even nastier problem: tracking increasingly popular Apple devices like iPads and MacBooks within the Windows-based AD without the need for expensive third-party software. It also allows companies to manage their growing clouds of Linux servers through “a single pane of glass” without the complex scripts and processes it says are needed with continuous integration and deployment tools such as Puppet and Chef.
What’s not to like? Well, last time I checked security was still the number one fear organizations have about the cloud, and directory data is in some ways the key to the kingdom. “Our company is probably going to do security better than yours,” claims Keller, since many of its engineers and managers are veterans of security-focused startups with skills from authentication and authorization to vulnerability assessment and security research. And since it can spread security spending across customers, he adds, it can make “investments in both technologies and time that would be cost prohibitive for our customers.”
JumpCloud relies primarily on Amazon Web Services for hosting, which Keller says is fully compliant with the highest level of the PCI DSS credit card security standards, HIPAA, SOC 1 type II and is ISO 27001 certified, among others. But with high-profile breaches, even among those who supposedly meet standards such as PCI DSS, I’m guessing security is still a big fear factor.
Second is the need, as when posting any critical data in the cloud, to get the data back in case something horrible happens to JumpCloud or AWS. The company says they’re in the process of developing such export tools, but I’ll bet a lot of customers will want that capability in the bag before signing.
The third challenge is that larger competitors will see the opportunity and out-execute JumpCloud on sales, marketing, operations or any other front.
So let the DaaS wars begin. But first, would you trust your directory to the cloud – and if so, what assurances would you demand of that cloud provider?