What is Directory Sprawl?
(Last updated on February 27, 2019)
The ugly truth behind IDaaS cloud directories
Directory Sprawl refers to the duplication of user data from an on-premise directory to a cloud directory. This problem is caused by the adoption of software as a service (SaaS) and the challenge of managing multiple user identities.
Each SaaS service has its own user database and its own way of identifying users and of securing and administering their data; this is known as identity sprawl. SaaS introduces both authentication and user management challenges within organizations, since IT departments lose control.
Each SaaS application requires users to log in with their SaaS-specific credentials. IT does not have visibility into the types of passwords their users are using when accessing these services. They don’t know if the passwords are secure or compliant with regulatory requirements, or if users are simply reusing corporate passwords across these services, which is likely the case, with studies indicating 80% password reuse. With a single breach opening the door to multiple systems, including sensitive corporate data, the threat of exposure is a hard reality.
Identity and Access Management as a Service (IDaaS) solutions can solve the identity sprawl issue by providing single sign-on. They can also strengthen authentication via multi-factor authentication. However, this is achieved by and large by duplicating user data from the on-premise directory to their cloud directories. So it’s a simple matter of whether or not you trust user data, including passwords, to be stored in a cloud directory. The recent hack at IDaaS provider OneLogin is just one reason to worry.
If you think about it, directory sprawl is very much like identity sprawl. The risk footprint may be smaller, but how much are you willing to gamble at the hands of the IDaaS vendor? Duplication is not necessary, and there are more efficient ways of avoiding identity sprawl without having to resort to Directory Sprawl.