Computing Delta surveyed more than 300 end-users of different identity and access management tools. In this article we compare answers to find the winner from the market leaders: Microsoft vs Google vs AWS.
Identity and access management is commonly adopted as soon as a business leaves the start-up phase – only the smallest companies can get away with relying on their device/system’s default log-in settings. That makes such tools widespread, but several long-standing vendors dominate the market, including RSA, Oracle and Okta. The largest names in the UK, though, are Microsoft Active Directory, Google Cloud IAM and AWS IAM. Just like choosing a cloud provider, the Microsoft vs Google vs AWS question is one that many IT leaders must face when looking for an identity management solution.
As part of Computing Delta’s ongoing research into Microsoft vs Google vs AWS – and other I&AM services – our research team has been asking senior IT professionals about their preferences to help you answer the question…
Which identity and access management tool should I choose?
Computing Delta’s analysis of this market, with interviews with more than 300 senior IT leaders who have used these services, is available to Delta subscribers; click here if you do not have access but would like to see the full report in a demo. More information, including comparisons with other vendors, is available in the Identity and Access Management Report. If you are looking to make a platform comparison, this article provides a brief summary of the market leaders, Microsoft vs Google vs AWS.
What’s the difference between Microsoft Active Directory, Google Cloud IAM and AWS IAM?
- Deployment: Microsoft Active Directory has on-premises, hybrid and cloud-based versions (Azure Active Directory), while Google Cloud IAM and AWS IAM are cloud services with some hybrid functionality.
- Ease of use: IT leaders say AWS IAM is easier to use than either Microsoft Active Directory or Google Cloud IAM.
- Pricing: Most Windows licenses include a free, basic version of Active Directory; however, AWS or Google Cloud Platform account-holders can use the full versions of AWS IAM and Google Cloud IAM.
- Integrations: Active Directory integrates with thousands of common business apps and all Windows services, while AWS IAM features strong integrations using APIs. Google Cloud IAM’s integrations are said to be weak and several users cite them as a reason for choosing a different solution.
Microsoft vs Google vs AWS – the background
Although a critical component of modern business, ‘identity and access management’ is a rather vague descriptor. At a very basic level, it refers to the policies, processes and systems that bind users or a system to a set of permissions in the network, such as the ability for their online identity to access certain files.
This vagueness leads users to refer to many different firms – from those that produce single components to providers of the full end-to-end IAM technology stack – using the same term.
Microsoft Active Directory vs Google Cloud IAM vs AWS IAM is a key example. While Google’s and AWS’s offerings are more traditional tools – controlling access to services and resources, and managing user permissions – Active Directory is different. Rather than focusing on identity management, it is a collection of services that help administrators manage users and devices on a network. However, it also includes functionality like single sign-on, and is widespread across corporate IT estates.
Despite their differences, all three vendors have high awareness among UK IT leaders, and are among the most-trialled solutions. It is not until we drill down into the solution specifics that we can begin to clear up the Microsoft vs Google vs AWS question.
Microsoft vs Google vs AWS – the tools
Business software as a whole – HR, BI, finance, etc – is moving to the cloud, but cybersecurity is different. Companies should deploy security systems in the same environment as the one they are protecting, so having an on-premises version is important for some users. A Global Head of Infrastructure and Operations in the manufacturing sector said: 'I think you typically would choose a solution that fits with your architecture, so if you are moving towards a cloud strategy then you will try to find a solution that is going to fit with the enterprise architecture that you have around that.'
Many IT leaders use a combination of Active Directory and Azure Active Directory for this reason, and the lack of on-premises functionality is a major criticism of both Google Cloud IAM and AWS IAM. These solutions have limited hybrid functionality. In addition, tying your access management services to your cloud provider makes any future migration even more complex.
Microsoft Active Directory is available on-prem, as a hybrid deployment and in the cloud (Azure Active Directory). It uses a directory called the data store, which contains information about objects on the network, including servers, user accounts and other physical resources. Although not a traditional IAM tool, Active Directory includes standard features such as single sign-on, multi-factor authentication, privileged access management and identity governance.
Google Cloud IAM is available for users of Google Cloud Platform (GCP), which somewhat limits its adoption, as Google trails Microsoft and AWS in uptake as an enterprise cloud provider. It is designed to control granular access to GCP resources with a role-based, zero-trust approach. It leans heavily into access controls using three elements: policies, roles and members. Every member must have a role, but individuals cannot be assigned unique access rights within a role.
AWS IAM is a cloud-based tool to control access to AWS services and resources. Admins create and manage users and groups, and can assign and manage individual or role-based credentials using APIs, CLI or AWS Management Console.
All three tools have a niche, such as Active Directory’s employee lifecycle management, Cloud IAM’s profile management and AWS IAM’s varied authentication methods. However, they also have weaknesses: respondents pointed to Microsoft’s certification management, Google’s integrations and AWS’s suitability for hybrid environments.
Microsoft Active Directory vs Google Cloud IAM vs AWS IAM – pricing
Microsoft Active Directory, Google Cloud IAM and AWS IAM are free for users of those particular cloud services (Microsoft Azure, Google Cloud and AWS Cloud). However, users can pay more to access additional functionality through Microsoft.
Azure Active Directory has four versions: Free, Office 365 apps edition, Premium P1 and Premium P2. The Free edition is included with an Azure subscription, and the Office 365 version with an Office 365 subscription (E1, E3, E5 or F3).
The Free edition manages up to 500,000 objects and single sign-on for 10 apps. IAM standards like password management, multi-factor authentication and features for guest users are also included by default. The O365 apps edition adds group access management, password reset for cloud users, SLAs and two-way synchronisation between on-prem and cloud directories.
Premium P1 adds enterprise-level IAM tools, such as various password management options; access to Microsoft Cloud App Discovery; application proxy; advanced group access management; and conditional access. It also enables hybrid users to access both on-prem and cloud capabilities. Premium P2 includes more advanced identity protection features, such as risk-based conditional access and privileged identity management. Pricing starts at £4.47 per user per month for Premium P1, and £6.71 per user per month for Premium P2.
Google Cloud IAM is free for Google Cloud users, but does have some quotas and limits that restrict the number of requests and resources it is possible to send or create. Users can request a quota increase through the Google Cloud Console if necessary.
AWS IAM is another free service, and a feature of every AWS account. Users are only charged for their use of other AWS services.
The Microsoft vs Google vs AWS question has a straightforward answer: while all three cover the basics of identity management, and have their own strengths, the choice will really come down to your environment: whether it is mostly on-prem, cloud or hybrid, and which company is your major cloud provider.
Although cloud adoption is growing, boosted by the rise of remote work in 2020, it has been slower in identity and access management than in other business areas, with only 28 per cent of our respondents running a full cloud solution. A product that can operate across environments is generally preferred.
Many CIOs adopt both Active Directory and Azure Active Directory for this very reason, but that is difficult with the cloud-first tools from Google and AWS. We found that firms often adopt these solutions not for the full identity management technology stack, but to handle specific components like access management or authentication.
In the full research, find out what the major trends are in UK IAM; where the major vendors are going next; and how UK IT leaders use their IAM tools in anger.
For more information on Microsoft vs Google vs AWS – including interviews, case studies and data on how all three companies performed in our study – contact Delta today.