What is Directory Sprawl?
(Last updated on February 27, 2019)
The ugly truth behind IDaaS cloud directories
Directory Sprawl refers to the duplication of user data from an on-premise directory to a cloud directory. This problem is caused by the adoption of software as a service (SaaS) and the challenge of managing multiple user identities.
SaaS services each have their own user database, with their own way of identifying users and of securing and administering their data; this is known as identity sprawl. SaaS introduces both authentication and user management challenges within organizations since IT departments lose control.
Each SaaS application requires users to log in with their SaaS-specific credentials. IT does not have visibility into the types of passwords their users are using when accessing these services. They don’t know if the passwords are secure, or compliant with regulatory requirements, or if users are simply reusing corporate passwords across these services, which is likely the case, with studies indicating 80% password reuse. With a single breach opening the door to multiple systems, including sensitive corporate data, the threat of exposure is a hard reality.
Identity and Access Management as a Service (IDaaS) solutions can solve the identity sprawl issue by providing single sign-on. They can also strengthen authentication via multi-factor authentication. However, this is achieved by and large by duplicating user data from the on-premise directory to their cloud directories. So it’s a simple matter of whether or not you trust user data, including passwords, to be stored in a cloud directory. The recent hack at IDaaS provider OneLogin is just one reason to worry.
If you think about it, directory sprawl is very much like identity sprawl. The risk footprint may be smaller, but how much are you willing to gamble at the hands of the IDaaS vendor? Duplication is not necessary, and there are more efficient ways of avoiding identity sprawl without having to resort to directory sprawl.