TL;DR

• Identity is becoming the primary control layer in cyber security
• Many SMEs no longer need traditional Active Directory environments
• Cloud-first organisations require centralised identity beyond legacy models
• Platforms like JumpCloud reflect a broader shift in the market
• UK and New Zealand organisations are moving in the same direction

One of the most important shifts we are seeing across cyber and network security is the move away from the traditional network perimeter.

Historically, security was built around the idea that if you were inside the network, you could be trusted. That model no longer reflects how organisations operate today.

With cloud applications, remote working, and distributed environments now standard, identity and access management has become the primary control layer.

This is not a future trend. It is already happening.

Why Traditional Active Directory Is No Longer Enough

For many years, Active Directory has been the foundation of identity management.

However, it was designed for:

• On-premise environments
• Windows-based systems
• Centralised network architectures

For cloud-first organisations, particularly SMEs, this model is increasingly misaligned.

A common assumption is that organisations still need:

• On-premise Active Directory
• Or cloud-based equivalents such as Microsoft Entra

In reality, for many SMEs using predominantly cloud applications, neither is strictly necessary in its traditional form.

What Cloud-First Organisations Actually Need

What organisations do need is:

• A centralised identity and authentication service
• Consistent access control across applications
• Device-aware security policies
• Visibility of who is accessing what, and from where

This is where the market is shifting.

The requirement is no longer “directory services” in the traditional sense. It is identity as a service, designed for cloud, SaaS, and distributed users.  This distinction is important.

The Rise Of Unified Identity Platforms

We are seeing a clear move towards platforms that combine:

• Identity and access management
• Device management
• Authentication and policy enforcement

Rather than deploying multiple tools, organisations are consolidating around unified platforms.

This approach:

• Reduces complexity
• Improves visibility
• Supports Zero Trust security models
• Aligns with how modern environments actually operate

This is a consistent trend across both the UK and New Zealand, particularly in organisations without large internal IT teams.

Where JumpCloud Fits In This Shift

This is where vendors like JumpCloud come into the conversation.

JumpCloud is not a new vendor, but it represents this new category of cloud-based directory and identity platforms.

It combines:

• Identity and access management
• Device management across Windows, macOS, and Linux
• Centralised authentication and policy control

What stands out is not just the technology, but the approach.

It reflects a move away from:

• Legacy directory dependency
• Fragmented identity tooling

Towards:

• A unified, cloud-native identity layer

From our perspective, this aligns closely with what many organisations actually need today.

What We Are Seeing Across The UK And New Zealand

Across both regions, the pattern is consistent.

In the UK:

• Many organisations are still operating hybrid Active Directory environments
• There is growing pressure to simplify and modernise

In New Zealand:

• More organisations are cloud-first from the outset
• Smaller teams drive demand for simpler, consolidated platforms

In both cases:

• Identity is becoming the primary control point
• Complexity is becoming a bigger risk than capability
• Organisations are looking for practical, scalable solutions

This is less about replacing one vendor with another, and more about recognising that the model itself has changed.

The Bigger Picture

The shift towards identity-first security is one of the most important developments in cyber security today.

For many organisations, particularly SMEs, the question is no longer: “Do we need Active Directory?”

Rather it is: “What is the simplest, most effective way to manage identity, access, and devices in a cloud-first world?”

Platforms like JumpCloud provide one answer, but the real value comes from understanding the direction of travel.

👉 Contact us below to explore how your identity and access approach aligns with today’s cloud-first environments…

📞 UK +44 (0) 113 341 0123

📞 NZ +64 (0)9 802 2444

📧 hello@itogether.com

FAQs

Do SMEs still need Active Directory?
Many SMEs using cloud applications no longer require traditional Active Directory, but still need centralised identity and access management.

What is identity-first security?
Identity-first security focuses on controlling access based on user identity, device, and context rather than relying on network location.

What does JumpCloud do?
JumpCloud provides a cloud-based platform for managing identity, access, and devices across modern IT environments.

Why is identity important in cyber security?
Identity is now the primary control layer for accessing systems and data, making it critical for protecting against unauthorised access.