The current technology landscape is witnessing a business war in the cloud computing domain. Two of the competitors, Microsoft and Google, are fighting hard for cloud infrastructure ownership, in addition to competing with the market share leader, AWS. These infrastructure giants follow a common strategy: they not only offer cloud services but also provide management services and applications that revolve around the core infrastructure.
Identity and access management solutions form one of the vital parts of these ancillary services. This has resulted in a competition between Google Cloud IAM and Azure Active Directory for cloud infrastructure.
It is well known that IT firms are now shifting vigorously to the cloud. Instead of building their own data centers, these companies are leveraging IaaS (Infrastructure as a Service) offerings such as Azure and Google Cloud. This creates a challenge for them: they already have well-developed on-prem systems backed by significant management tools, overall control, and security solutions.
These companies are looking for the same depth of capability in their cloud providers' solutions. Hence the need for cutting-edge management and security solutions: without them, the shift to the cloud does not look promising.
Both of the big players in this discussion, Microsoft with Azure and Google with Google Cloud, have introduced a crucial set of identity and management solutions, known as Azure Active Directory and Google Cloud IAM, and both solutions support IT firms in shifting to IaaS.
Let us now look at the vital features of both solutions. Both Azure AD and Cloud IAM are essentially user management platforms for Azure and Google Cloud respectively, and they control user access to those services. An example makes this clearer.
Google Cloud IAM is the identity and access control center for the web management console. Admins can control who has the authority to create and manage cloud projects. To simplify an organization's compliance processes, a full audit history (the built-in audit trail) covering the authorization, removal, and delegation of permissions is made available to admins without extra effort.
Another notable feature of IAM is “Fine-grained Access Control”, where users are granted roles at resource-level granularity rather than only at project level. For example, a user can create an IAM access control policy granting the Subscriber role to a user for a specific Cloud Pub/Sub topic. Before the inception of Cloud IAM, users could be granted only the roles of Owner, Editor, or Viewer.
A wide choice of resources and services paves the way for additional IAM roles. For example, the Cloud Pub/Sub service exposes Publisher and Subscriber roles in addition to the regular Owner, Editor, and Viewer roles. Google Cloud IAM does not offer the ability to regulate user access at the server level.
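The difference between project-wide Owner/Editor/Viewer grants and a Subscriber role scoped to one Pub/Sub topic can be seen by working on the policy documents themselves. The following is an added example, not code from the original article or from Google: the policies and principals are constructed samples in the Cloud IAM `bindings` JSON shape, the helper names are hypothetical, and it assumes that a resource inherits its project's bindings and that no IAM conditions are attached.

```python
import json

# Constructed sample policies in the Cloud IAM policy JSON shape
# ({"bindings": [{"role": ..., "members": [...]}]}); all principals are made up.
PROJECT_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/owner",  "members": ["user:admin@example.com"]},
  {"role": "roles/editor", "members": ["user:dev@example.com",
      "serviceAccount:worker@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/viewer", "members": ["group:auditors@example.com"]}
]}
""")
TOPIC_POLICY = {"bindings": [
    {"role": "roles/pubsub.publisher", "members": ["user:dev@example.com"]},
]}
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}


def grant(policy, role, member):
    """Return a copy of policy with member added to the binding for role."""
    bindings = [dict(b, members=list(b["members"])) for b in policy["bindings"]]
    for b in bindings:
        if b["role"] == role:
            if member not in b["members"]:
                b["members"].append(member)
            break
    else:  # no binding for this role yet
        bindings.append({"role": role, "members": [member]})
    return {**policy, "bindings": bindings}


def roles_of(policy, member):
    """Roles bound directly to member in a single policy."""
    return {b["role"] for b in policy["bindings"] if member in b["members"]}


def effective_topic_roles(member, project_policy, topic_policy):
    """Roles on the topic: its own bindings plus those inherited from the project."""
    return roles_of(project_policy, member) | roles_of(topic_policy, member)


def basic_role_grants(policy):
    """(member, role) pairs holding project-wide Owner/Editor/Viewer, for review."""
    return sorted((m, b["role"]) for b in policy["bindings"]
                  if b["role"] in BASIC_ROLES for m in b["members"])


if __name__ == "__main__":
    scoped = grant(TOPIC_POLICY, "roles/pubsub.subscriber", "user:reader@example.com")
    print(effective_topic_roles("user:reader@example.com", PROJECT_POLICY, scoped))
    for member, role in basic_role_grants(PROJECT_POLICY):
        print("review:", member, role)
```

The reader account ends up with Subscriber on the one topic and nothing at project level, while the review list surfaces every principal whose access is still project-wide.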
Azure AD differs slightly. Besides acting as the user management platform for Azure, it can also control users at the Windows server level and in Office 365, but the challenge remains the same. Connecting Azure AD identities with Google Cloud, AWS, or any other provider is not possible, as Azure AD is the management platform of Azure.
In 2016, Azure AD was identified as one of the Leaders in the Gartner Magic Quadrant for Identity and Access Management as a Service, and it addresses both technology and business challenges with equal expertise. Below are a few of the challenges that were faced and overcome:
Azure AD, which is a cloud-based and scalable IAM solution, has the following capabilities:
This shows that Azure AD can manage both the cloud and on-premises worlds. It is tailor-made for extending on-premises AD into the cloud to manage users' access to web applications. It can also be used independently, without connecting it to the user's on-premises AD. Azure AD's capabilities provide mechanisms to recognize high-risk objects or events, and pre-defined actions such as restricting access and/or notifying administrators can be triggered at that point.
The license model adopted by Azure AD lets users “pay for what you consume”, and thus their overall IAM cost can be reduced. The cost saving is achieved by integrating the solution with on-premises AD, Office 365, and popular SaaS applications such as Salesforce, Workday, Google Apps, Box, ServiceNow, Dropbox, etc.
The services and components of Azure AD have been attested and audited for compliance with various critical industry standards such as HIPAA (via a BAA), HITRUST, and NIST 800-171.
One of the major shortcomings of both strategies is that neither Azure AD nor Google Cloud IAM could function as the core identity provider for IT companies; rather, that task is left to the IT companies to sort out.
This shortcoming, present in both strategies, is a key one because organizations prefer one central active directory service. “Mini directories”, i.e. multiple management platforms, would create substantial work and a great deal of security risk.