As we’re seeing now, IT departments need architectures that allow them to provision users, manage those users’ devices, and control access from any location.
Although most organizations likely won’t shift to remote work permanently, we predict that their shift to cloud infrastructure has staying power — and we envision an architecture that helps organizations reduce their dependence on physical servers and other on-premises infrastructure, as well as increase their flexibility and resiliency.
In practice, this architecture will allow organizations to replace legacy directory services with entirely cloud-based infrastructure and create the domainless enterprise. In this post, we’ll take a closer look at the domain-bound enterprise of the past and the new approach to IT security in the modern domainless enterprise.
The Domain-Bound Enterprise
In the era of the domain-bound enterprise, admins controlled a server room and managed in-office workers and devices. Workers came into the office and logged into workstations, through which they accessed the internal network and their assigned resources.
Organizations relied on the internal network — their domain — to protect resources and data. This model served as the perimeter around organizational data, and it worked well until laptops and mobile devices, SaaS applications, and other technological advancements punched holes in the traditional domain.
Then, admins were forced to tie new resources back to their on-prem directory instances, usually Active Directory®, with identity bridges. They required these identity bridges to federate core identities from AD to these new resources, like web apps and Mac® machines. Separately, they required various solutions, like VPN tunnels and RDP ports, to connect remote and distributed users to the internal network and allow access to resources such as on-prem file servers. Although this model required complex vendor management and networking, it still served organizations with traditional offices and few users in the field. (Read more…)